Which type of mutation completely changes a virus from its original form by rewriting its own code whenever it is executed?

A polymorphic virus is a harmful, destructive or intrusive type of malware that can change or "morph," making it difficult to detect with antimalware programs. Evolution of the malicious code can occur in a variety of ways such as filename changes, compression and encryption with variable keys.

How polymorphic viruses work

Although the appearance of the code in a polymorphic virus varies with each "mutation," the essential function usually remains the same. For example, a spyware program intended to act as a keylogger will continue to perform that function even though its signature changes. If the spyware program is discovered by an antimalware program and its signature is added to a downloadable database, the antimalware program will fail to detect the rogue code after the signature changes, just as if a new spyware program has emerged. In this way, malware creators gain an advantage over security vendors that use traditional signature-based detection to find and block malicious code.

How polymorphic code is generated

Polymorphic code typically uses a mutation engine that accompanies the underlying malicious code. The mutation engine doesn't change the underlying code; instead, the engine generates new decryption routines for the code. The mutation engine can also alter the file names of the polymorphic code. As a result, each time the code is installed on a new device or system, the mutation engine generates a brand new decryption routine.

A polymorphic virus includes an encrypted payload and a mutation engine. The encryption hides the malicious payload from scanners and threat detection software, which are left to identify the virus by its decryption routine. Once the virus is installed on a target, the payload is decrypted and it infects the system; the mutation engine randomly creates a new decryption routine so that when the virus moves to the next target, it appears to be a different file to scanners.
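The two paragraphs above describe why a file hash stops working once the body is re-encrypted under a fresh key for every copy. The following Python example, added here and not part of the original article, models that mechanism at the level of bytes: a constructed stand-in payload is wrapped with a random repeating-key XOR (a deliberate simplification; the decryptor stub itself stays fixed, whereas a real mutation engine rewrites it too), a file-hash signature built from the first copy is checked against a second copy, and then the same second copy is checked after being unpacked the way an emulating scanner would. All names, the payload string and the hash databases are constructed for this example.

```python
import hashlib
import os

# Constructed stand-in for a malware body. In a real sample this would be
# machine code; here it is just a marker string so the example runs safely.
PAYLOAD = b"CONSTRUCTED-PAYLOAD: same behaviour in every variant"
KEY_LEN = 16


def xor_bytes(data: bytes, key: bytes) -> bytes:
    """Repeating-key XOR; symmetric, so the same call encrypts and decrypts."""
    return bytes(b ^ key[i % len(key)] for i, b in enumerate(data))


def make_variant(payload: bytes, key: bytes) -> bytes:
    """Model of what ships to the next target: a fresh key followed by the
    payload encrypted under that key. Simplified: the real mutation engine also
    rewrites the decryption routine, which this toy keeps fixed."""
    assert len(key) == KEY_LEN
    return key + xor_bytes(payload, key)


def unpack(variant: bytes) -> bytes:
    """What an emulating scanner does: run the decryptor to recover the body."""
    key, body = variant[:KEY_LEN], variant[KEY_LEN:]
    return xor_bytes(body, key)


def sha256(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def file_hash_scan(sample: bytes, hash_db: set) -> bool:
    """Traditional signature check on the file exactly as it sits on disk."""
    return sha256(sample) in hash_db


def unpacked_scan(sample: bytes, payload_db: set) -> bool:
    """Unpack first, then match the body that does not change between copies."""
    return sha256(unpack(sample)) in payload_db


def demo() -> dict:
    first = make_variant(PAYLOAD, os.urandom(KEY_LEN))   # copy the vendor saw
    second = make_variant(PAYLOAD, os.urandom(KEY_LEN))  # copy on the next target
    hash_db = {sha256(first)}        # vendor adds the hash of the first file
    payload_db = {sha256(PAYLOAD)}   # hash of the decrypted body instead
    return {
        "variants_differ_on_disk": sha256(first) != sha256(second),
        "file_hash_catches_second": file_hash_scan(second, hash_db),
        "unpacked_catches_second": unpacked_scan(second, payload_db),
    }


if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name}: {result}")
```

Running the block prints that the two copies differ on disk, that the file-hash signature misses the second copy, and that matching after unpacking still catches it. The practical lesson is the one the article draws: a detector that only hashes files must be paired with unpacking or emulation, or with the behavioral and static-feature checks discussed under "Detection and prevention".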

Examples of polymorphic viruses

While polymorphic viruses have become increasingly common in the 21st century as antimalware and threat detection technology has improved, they existed well before that. The first known polymorphic virus was called 1260, or V2PX, and it was created in 1990 as part of a research project. The author, computer researcher Mark Washburn, wanted to demonstrate the limitations of virus scanners at that time. Nonresearch polymorphic viruses began to emerge soon after Washburn's project. Two early examples -- the Tequila and Maltese Amoeba viruses -- were discovered in Europe in 1991.

More recent examples of polymorphic viruses and malware have demonstrated increased sophistication. The Storm Worm, which featured a backdoor Trojan, was first discovered in 2007. The worm spread via malicious email messages and, once the Trojan executed, it would turn systems or devices into bots. The Storm Worm featured a polymorphic packer, which is similar to a polymorphic engine; a packer can contain several different variants of malware in a single item such as an email attachment. The worm's polymorphic packer would change every 10 to 30 minutes, depending on the version, in order to avoid detection.

The Virlock ransomware family, which was first discovered in 2014, is considered the first instance of polymorphic ransomware. The virus's decryption codes were randomly generated each time the virus spread to and executed on a new file. The Virlock ransomware not only infects files, but also turns them into polymorphic file infectors; when an infected file is sent to or shared with another user, the Virlock ransomware executes and infects the new user's files. Once the infection is completed, the mutation engine changes the packer containing the malware body.

Detection and prevention

Most conventional antivirus and threat detection products rely on signature-based detection, which can be fooled by polymorphic viruses. However, newer security technologies employ machine learning and behavior-based analytics rather than signature detection. Machine learning algorithms focus on the anomalous behavior of unknown programs as well as static characteristics such as file names and API calls.

The best approach for defending against polymorphic viruses is to employ multiple and diverse layers of information security measures, such as antimalware software and threat detection. These programs should be kept current and should be run as often as possible. Auto-protect features, if available, should also be enabled.
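The two paragraphs above recommend layered detection that looks at static characteristics such as API calls and at observed behavior rather than at a file hash alone. The following Python example, added here and not part of the original article, shows one way such a layered score can be assembled: a sample carries its on-disk hash, the API names found in its import table, and the events a sandbox recorded; the detector awards points for a known hash, for import-table similarity to a hypothetical keylogger family profile, and for weighted suspicious behaviors. The sample records, the hash database, the family profile and the weights are all constructed for this example; the API names are real Windows functions used only as labels.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Sample:
    name: str
    sha256: str           # constructed placeholder hash, differs per variant
    imports: frozenset    # API names from the import table (static feature)
    behaviors: frozenset  # events recorded when run in a sandbox (dynamic)


# Hypothetical family profile kept alongside (not instead of) a hash list.
KEYLOGGER_FAMILY_IMPORTS = frozenset({
    "SetWindowsHookExA", "GetAsyncKeyState", "CreateFileA", "WriteFile",
    "InternetOpenA", "HttpSendRequestA",
})

# Constructed weights for sandbox events; benign file writes score nothing.
BEHAVIOR_WEIGHTS = {
    "keyboard_hook_installed": 3,
    "autorun_registry_key_written": 2,
    "outbound_post_to_unlisted_host": 2,
    "writes_user_document": 0,
}

# Constructed samples. VARIANT_A is the copy the vendor already hashed;
# VARIANT_B is the next copy after the mutation engine re-encrypted the body
# and renamed the file, so its hash is new but imports and behavior are not.
VARIANT_A = Sample("invoice.exe", "a" * 64, KEYLOGGER_FAMILY_IMPORTS,
                   frozenset({"keyboard_hook_installed",
                              "outbound_post_to_unlisted_host"}))
VARIANT_B = Sample("photo_viewer.exe", "b" * 64, KEYLOGGER_FAMILY_IMPORTS,
                   frozenset({"keyboard_hook_installed",
                              "outbound_post_to_unlisted_host"}))
EDITOR = Sample("notes.exe", "c" * 64,
                frozenset({"CreateFileA", "WriteFile", "ReadFile", "CloseHandle"}),
                frozenset({"writes_user_document"}))

HASH_DB = {VARIANT_A.sha256}   # what a signature-only scanner has to go on


def jaccard(a: frozenset, b: frozenset) -> float:
    """Set similarity in [0, 1]; identical sets score 1.0."""
    if not a and not b:
        return 1.0
    return len(a & b) / len(a | b)


def score(sample: Sample, hash_db: set,
          family_imports: frozenset = KEYLOGGER_FAMILY_IMPORTS) -> tuple:
    """Return (total score, list of reasons) combining the three layers."""
    total, reasons = 0, []
    if sample.sha256 in hash_db:                      # layer 1: known hash
        total += 10
        reasons.append("hash in signature database")
    sim = jaccard(sample.imports, family_imports)     # layer 2: static features
    if sim >= 0.6:
        total += 4
        reasons.append(f"import table similarity {sim:.2f} to keylogger family")
    for event in sorted(sample.behaviors):            # layer 3: behavior
        weight = BEHAVIOR_WEIGHTS.get(event, 0)
        if weight:
            total += weight
            reasons.append(f"behavior: {event}")
    return total, reasons


def is_malicious(sample: Sample, hash_db: set, threshold: int = 5) -> bool:
    return score(sample, hash_db)[0] >= threshold


if __name__ == "__main__":
    for s in (VARIANT_A, VARIANT_B, EDITOR):
        total, reasons = score(s, HASH_DB)
        print(f"{s.name}: score={total} malicious={is_malicious(s, HASH_DB)}")
        for r in reasons:
            print("   -", r)
```

The renamed second copy never matches the hash list, yet it still crosses the threshold on import similarity and sandbox behavior alone, while the constructed text editor, which shares two file APIs with the profile, scores zero. The thresholds and weights here are illustrative; in practice they are tuned against a labelled corpus, and the static and behavioral layers are what keep working when the on-disk bytes change between infections.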

This was last updated in December 2017


Can rewrite its own code and thus appear different each time it is executed?

Code that completely changes from its original form whenever it is executed. Polymorphic malware can actually rewrite its own code and thus appears different each time it is executed. Some malware has, as its primary trait, spreading rapidly to other systems in order to affect a large number of users.

Which type of malware self-replicates, spreading from one computer to another?

Worms are a self-replicating type of malware (and a type of virus) that enter networks by exploiting vulnerabilities, moving quickly from one computer to another. Because of this, worms can propagate themselves and spread very quickly, not only locally but also with the potential to disrupt systems worldwide.

How does an appender infection work?

An appending virus takes several steps to attach itself to a host program. Technically, the virus searches for a file and then calculates its delta offset to determine the exact file size. It then reads the file's attributes and saves them so they can be restored later, making the file appear to be unedited.

How does a rootkit work?

A rootkit is a malicious software bundle designed to give unauthorized access to a computer or other software. Rootkits are hard to detect and can conceal their presence within an infected system. Hackers use rootkit malware to remotely access your computer, manipulate it, and steal data.