Polymorphic malware is harmful, destructive or intrusive computer software such as a virus, worm, Trojan or spyware that constantly changes ("morphs"), making it difficult to detect with anti-malware programs. Evolution of the malicious code can occur in a variety of ways such as filename changes, compression and encryption with variable keys.
Although the appearance of the code in polymorphic malware varies with each "mutation," the essential function usually remains the same. For example, a spyware program intended to act as a keylogger will continue to perform that function even though its signature changes. If the malicious program is discovered by an anti-malware vendor and its signature is added to a downloadable database, the anti-malware program will fail to detect the rogue code after the signature has changed, just as if a new virus, worm, Trojan or spyware program has emerged. In this way, malware creators gain an advantage over countermeasure developers.
The best method of dealing with polymorphic malware is to employ multiple and diverse blocking, filtering, detection and removal programs. These programs should be kept current and should be run as often as possible. Auto-protect features, if available, should be enabled.