Server-side polymorphism is a technique used by malware distributors in an attempt to evade detection by anti-virus software.
Regular polymorphic (literally “many shapes”) malware is malicious code which changes its appearance through obfuscation and encryption, ensuring that no sample looks the same. Although the idea of mutating malware sounds quite scary, it’s actually been used by malicious hackers since the early 1990s.
Early examples of polymorphic malicious code include the Tequila virus, SMEG (which literally stood for “Simulated Metamorphic Encryption Generator”) and Dark Avenger’s Mutation Engine (which lesser-skilled virus authors could plug into their malware to grant it the ability to be polymorphic).
As the years passed, polymorphic malware got more and more sophisticated – hoping to beat anti-virus software in one of two ways. The malware author’s hope was that we would either fail to detect all instances of their mutating code, or would false alarm on innocent…
Read more in my article on the Naked Security website.