Learn about polymorphic malware and how to protect against this threat in Data Protection 101, our series on the fundamentals of information security.
Definition of Polymorphic Malware

Polymorphic malware is malware that repeatedly changes its identifiable features in order to evade detection. Many of the common forms of malware can be polymorphic, including viruses, worms, bots, trojans and keyloggers. The classic technique is to encrypt the malicious body under a fresh key on every replication and to regenerate the small decryptor stub that precedes it, so that the bytes on disk, and any hash or byte-pattern signature derived from them, differ from one copy to the next. Superficial characteristics such as file names, file types and packing may change as well. Polymorphism is aimed squarely at the pattern-matching detection that signature-based security solutions such as antivirus software rely on.

While the appearance of polymorphic malware changes, its functional purpose does not. A polymorphic virus still spreads and infects devices in the same way whether or not its signature has changed. Because each new generation carries a new signature, a signature-based scanner that knows only the previous one will not recognise the file as malicious, and even once the new signature has been identified and added to the vendor's database the malware can mutate again and keep operating undetected. The one thing the engine cannot change is what the code does once the stub has run, which is why detection has to move from what a sample looks like to what it does.

Examples of Polymorphic Malware

Webroot researchers have found that 97% of malware infections employ polymorphic techniques. While some of these tactics have been around since the 1990s, a new wave of aggressive polymorphic malware has emerged over the past decade. Some high-profile examples of polymorphic malware include:
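To make the mechanism concrete, here is an added Python example (written for this page, not the article's or any vendor's code) of a toy polymorphic engine. Every generation gets a fresh XOR key and a decryptor stub padded with randomly chosen instructions that cancel out, so both the stub bytes and the encrypted body differ each time while the recovered payload is identical. The two-byte instruction format, the benign stand-in payload and the 16-byte signature are assumptions made for illustration: a signature taken from one generation misses the next, whereas a check on what the sample decodes to is stable across generations.

```python
import hashlib
import random

# Toy decryptor "VM": each instruction is two bytes (opcode, operand) applied to every body byte.
# This format is an assumption for the example, not a real malware container.
OP_NOP, OP_XOR, OP_ADD, OP_SUB, OP_END = 0x00, 0x01, 0x02, 0x03, 0xFF

# Constructed benign stand-in for the malicious body; every generation must recover it unchanged.
PAYLOAD = b"echo polymorphism keeps behaviour, changes bytes"


def _junk(rng):
    """Instructions that cancel out: the engine sprinkles these in so the stub bytes differ too."""
    r = rng.randrange(1, 256)
    return rng.choice([
        [(OP_ADD, r), (OP_SUB, r)],
        [(OP_SUB, r), (OP_ADD, r)],
        [(OP_XOR, r), (OP_XOR, r)],
        [(OP_NOP, r)],
    ])


def build_stub(key, rng):
    """Decryptor for `key`, padded with a random amount of semantically null junk on both sides."""
    prog = []
    for _ in range(rng.randrange(0, 4)):
        prog += _junk(rng)
    prog.append((OP_XOR, key))          # the only instruction that actually matters
    for _ in range(rng.randrange(0, 4)):
        prog += _junk(rng)
    prog.append((OP_END, 0))
    return b"".join(bytes([op, arg]) for op, arg in prog)


def generate_variant(payload, seed, key=None):
    """One polymorphic generation: fresh key, fresh stub layout, body XOR-encrypted under the key.
    `seed` drives the engine's choices so a run is reproducible; a real engine uses a PRNG or the clock."""
    rng = random.Random(seed)
    if key is None:
        key = rng.randrange(1, 256)     # key 0 would leave the body in plaintext
    body = bytes(b ^ key for b in payload)
    return build_stub(key, rng) + body


def run_variant(blob):
    """What an emulator or sandbox observes: execute the stub over the body, return the recovered payload."""
    prog, i = [], 0
    while True:
        op, arg = blob[i], blob[i + 1]
        i += 2
        if op == OP_END:
            break
        prog.append((op, arg))
    out = bytearray()
    for c in blob[i:]:
        for op, arg in prog:
            if op == OP_XOR:
                c ^= arg
            elif op == OP_ADD:
                c = (c + arg) & 0xFF
            elif op == OP_SUB:
                c = (c - arg) & 0xFF
        out.append(c)
    return bytes(out)


def make_signature(blob, length=16):
    """A naive byte signature taken from a captured sample (here its last `length` bytes)."""
    return blob[-length:]


def signature_matches(signature, blob):
    """Signature-based detection: does the literal byte pattern occur in the sample?"""
    return signature in blob


def behaviour_fingerprint(blob):
    """Behaviour-based detection: hash what the sample does (the payload it decodes), not how it looks."""
    return hashlib.sha256(run_variant(blob)).hexdigest()


if __name__ == "__main__":
    first = generate_variant(PAYLOAD, seed=1)
    sig = make_signature(first)
    for seed in range(2, 7):
        v = generate_variant(PAYLOAD, seed=seed)
        print(f"gen {seed}: {len(v):3d} bytes, signature hit={signature_matches(sig, v)}, "
              f"behaviour={behaviour_fingerprint(v)[:12]}")
```

Running the script shows the signature from generation 1 missing every later generation while the behaviour fingerprint stays constant. The junk instructions are the part that matters most: without them a scanner could simply signature the constant decryptor, which is exactly what polymorphic engines in the wild go to lengths to avoid.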
The Threat Posed by Polymorphic Malware

Many malware strains now have polymorphic capabilities, rendering traditional antivirus ineffective at detecting and stopping them before compromise. For years the conventional wisdom on malware protection has been to invest in preventative controls such as antivirus, firewalls and IPS. Those controls are largely signature-driven, however, and a sample that presents a new signature on every infection passes through them. Given how widely polymorphic techniques are used in successful attacks today, a company that relies on prevention alone is leaving itself open to attack. Gartner estimates that enterprise infosec spend is currently split roughly 90% prevention and 10% detection. A prevention-centred approach has clear limits, and in the case of polymorphic malware in particular many prevention controls are failing to stop malicious activity.
Best Practices for Protecting Against Polymorphic Malware

Protecting against polymorphic malware requires a layered approach to enterprise security that combines people, processes and technology. There are a number of best practices companies should follow, ranging from general malware-protection hygiene to specialised behaviour-based detection. Here are a few key tips for protecting against polymorphic malware:
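The shift from prevention by signature to detection by behaviour can be shown on endpoint telemetry. The following Python example is added here and is not from the article; the events, hashes, paths and the three-part rule are constructed for illustration. Two generations of the same dropper carry different hashes, so a hash blocklist catches only the one already catalogued, while a rule on the sequence of actions (drop an executable into a user Temp folder, register it under the Run key, connect out) flags both and ignores a benign updater that shares two of the three steps.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Event:
    """One endpoint telemetry record (constructed here; a real EDR emits a richer schema)."""
    pid: int
    kind: str     # "process", "file_write", "registry_set" or "network"
    image: str    # executable that performed the action
    sha256: str   # hash of that executable (placeholder strings, not real sample hashes)
    target: str   # path, registry value or host acted on


RUN_KEY = "HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Run"

# Hypothetical: the single generation of this family that vendors have already catalogued.
KNOWN_BAD_HASHES = {"sha256:gen1-placeholder"}

# Constructed telemetry: two generations of one polymorphic dropper (pids 100 and 200, different
# hashes, identical behaviour) and a benign updater (pid 300) that writes to Temp and phones home
# but installs no persistence.
TELEMETRY = [
    Event(100, "process",      "C:\\Users\\bob\\Downloads\\invoice.exe", "sha256:gen1-placeholder", ""),
    Event(100, "file_write",   "C:\\Users\\bob\\Downloads\\invoice.exe", "sha256:gen1-placeholder",
          "C:\\Users\\bob\\AppData\\Local\\Temp\\svc.exe"),
    Event(100, "registry_set", "C:\\Users\\bob\\Downloads\\invoice.exe", "sha256:gen1-placeholder",
          RUN_KEY + "\\svc"),
    Event(100, "network",      "C:\\Users\\bob\\Downloads\\invoice.exe", "sha256:gen1-placeholder",
          "203.0.113.7:443"),
    Event(200, "process",      "C:\\Users\\alice\\Downloads\\report.exe", "sha256:gen2-placeholder", ""),
    Event(200, "file_write",   "C:\\Users\\alice\\Downloads\\report.exe", "sha256:gen2-placeholder",
          "C:\\Users\\alice\\AppData\\Local\\Temp\\upd.exe"),
    Event(200, "registry_set", "C:\\Users\\alice\\Downloads\\report.exe", "sha256:gen2-placeholder",
          RUN_KEY + "\\upd"),
    Event(200, "network",      "C:\\Users\\alice\\Downloads\\report.exe", "sha256:gen2-placeholder",
          "203.0.113.7:443"),
    Event(300, "process",      "C:\\Program Files\\Vendor\\updater.exe", "sha256:updater-placeholder", ""),
    Event(300, "file_write",   "C:\\Program Files\\Vendor\\updater.exe", "sha256:updater-placeholder",
          "C:\\Users\\alice\\AppData\\Local\\Temp\\setup.exe"),
    Event(300, "network",      "C:\\Program Files\\Vendor\\updater.exe", "sha256:updater-placeholder",
          "updates.example.com:443"),
]


def hash_detections(events, blocklist=KNOWN_BAD_HASHES):
    """Signature-style detection: flag a process only if its image hash is already on the list."""
    return {e.pid for e in events if e.sha256 in blocklist}


def behaviour_detections(events):
    """Behaviour-style detection: flag a process that drops an executable into a user Temp folder,
    registers persistence under the Run key, and then makes an outbound connection.
    Nothing here depends on the sample's bytes, so every polymorphic generation trips it alike."""
    by_pid = {}
    for e in events:
        by_pid.setdefault(e.pid, []).append(e)
    flagged = set()
    for pid, evs in by_pid.items():
        dropped = any(e.kind == "file_write"
                      and "\\temp\\" in e.target.lower()
                      and e.target.lower().endswith(".exe") for e in evs)
        persisted = any(e.kind == "registry_set"
                        and e.target.upper().startswith(RUN_KEY.upper()) for e in evs)
        beaconed = any(e.kind == "network" for e in evs)
        if dropped and persisted and beaconed:
            flagged.add(pid)
    return flagged


if __name__ == "__main__":
    print("hash blocklist flags:     ", sorted(hash_detections(TELEMETRY)))
    print("behaviour rule flags:     ", sorted(behaviour_detections(TELEMETRY)))
```

The rule requires all three actions before it fires, which is what keeps the updater out of the results; tuning that conjunction against your own baseline telemetry is the ongoing work that a detection-led programme takes on in exchange for not depending on the vendor having seen each generation first.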
Further Reading on Polymorphic Malware: