 - Polymorphic malware is harmful, destructive or intrusive computer software such as a virus, worm, Trojan or spyware that constantly changes ("morphs"), making it difficult to detect with anti-malware programs. Evolution of the malicious code can occur in a variety of ways such as filename changes, compression and encryption with variable keys.
Although the appearance of the code in polymorphic malware varies with each "mutation," the essential function usually remains the same. For example, a spyware program intended to act as a keylogger will continue to perform that function even though its signature changes. If the malicious program is discovered by an anti-malware vendor and its signature is added to a downloadable database, the anti-malware program will fail to detect the rogue code after the signature has changed, just as if a new virus, worm, Trojan or spyware program has emerged. In this way, malware creators gain an advantage over countermeasure developers.
The best method of dealing with polymorphic malware is to employ multiple and diverse blocking, filtering, detection and removal programs. These programs should be kept current and should be run as often as possible. Auto-protect features, if available, should be enabled.
| LAST UPDATED: |
19 Apr 2007
|
 |
Read more about polymorphic malware:
|
|
Do you have something to add to this definition? Let us know.
Send your comments to techterms@whatis.com
|
 |
 |
| |
RELATED GLOSSARY TERMS
| Terms from Whatis.com − the technology online dictionary |
 |
DNS rebinding attack
(SearchSecurity.com)
DNS rebinding is an exploit in which the attacker uses JavaScript in a malicious Web page to gain control of the victim's router. The attack works...
|
|
drive-by pharming
(SearchSecurity.com)
Drive-by pharming is a vulnerability exploitation method in which the attacker takes advantage of an inadequately unprotected broadband router to gain...
|
|
|
