Server-side polymorphism: How mutating web malware tries to defeat anti-virus software [VIDEO]

Server-side polymorphism is a technique used by malware distributors in an attempt to evade detection by anti-virus software.

Regular polymorphic (literally “many shapes”) malware is malicious code which changes its appearance through obfuscation and encryption, ensuring that no sample looks the same. Although the idea of mutating malware sounds quite scary, it’s actually been used by malicious hackers since the early 1990s.

Early examples of polymorphic malicious code include the Tequila virus, SMEG (which literally stood for “Simulated Metamorphic Encryption Generator”) and Dark Avenger’s Mutation Engine (which lesser-skilled virus authors could plug into their malware to grant it the ability to be polymorphic).

As the years passed, polymorphic malware got more and more sophisticated – hoping to beat anti-virus software one of two ways. The malware author’s hope was that we would either fail to detect all instances of their mutating code, or would false alarm on innocent…

Read more in my article on the Naked Security website.

Found this article interesting? Follow Graham Cluley on Twitter or Mastodon to read more of the exclusive content we post.

Graham Cluley •   @gcluley

Graham Cluley is a veteran of the anti-virus industry having worked for a number of security companies since the early 1990s when he wrote the first ever version of Dr Solomon's Anti-Virus Toolkit for Windows. Now an independent security analyst, he regularly makes media appearances and is an international public speaker on the topic of computer security, hackers, and online privacy. Follow him on Twitter at @gcluley, on Mastodon at @[email protected], or drop him an email.