Metamorphic and Polymorphic malware
Can you imagine a piece of malware code that changes its shape and signature each time it appears, making it extremely hard for signature-based antivirus to detect? This is what polymorphic malware and metamorphic malware do.
In its annual threat report, security firm Sophos said that the majority of samples it observes are unique attacks associated with polymorphic and metamorphic malware.
Although the idea of mutating malware sounds quite scary, it has actually been used by malicious hackers since the early 1990s, and the techniques are getting very advanced. Antivirus solutions usually identify malware with signatures, comparing each file against their database of malware signatures. If the file under investigation has a signature that looks like one of the signatures in the database, the infection is detected.
Crackers are getting smarter. When you visit a suspicious web site, you get infected with malware that has a certain shape and signature. When another person visits the same site, they get infected with the same malware but with a different shape and signature. Each time someone downloads that malware, a new shape is generated for it automatically. In fact, refreshing the page will generate a new shape for the malware! This makes it very difficult for signature-based antivirus solutions to handle.
Not only does each download of the same malware have a different shape; the same malware on a given machine also keeps changing its shape to avoid detection. This is how sophisticated polymorphic and metamorphic malware can be.
It is important to note that although the malware changes (“morphs”) its shape with each iteration and each download, the function it performs remains the same (it changes its appearance, but the bad code inside is still doing the same damage).
An example is the malware codenamed Shylock, which at one point appears with one file name and description and over time appears as a completely different file, thereby changing its signature.
Metamorphic malware
This type of malware is completely rewritten with each iteration, yet every version functions the same way. The longer the malware stays on a computer, the more iterations and versions it produces, and the more sophisticated those iterations are.
The techniques used by metamorphic malware are sophisticated and complex, and metamorphic malware is more difficult to detect than polymorphic malware. Some of the techniques used include register renaming, code permutation, code expansion, code shrinking and garbage code insertion.
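From the detection side, two of the techniques listed above (garbage code insertion and register renaming) can be undone by normalizing code before a signature is computed. The following is an added example, not code from the original article; the toy assembly listings are constructed and harmless, and the function names are hypothetical.

```python
import hashlib
import re

# Constructed toy listings that add a constant to a register; not real malware.
VARIANT_A = """
mov eax, 5
add eax, ebx
ret
"""
VARIANT_B = """
nop
mov ecx, 5
mov edx, edx
add ecx, esi
nop
ret
"""
DIFFERENT = """
mov eax, 5
sub eax, ebx
ret
"""

REGS = re.compile(r"\b(e[abcd]x|e[sd]i)\b")
# Instructions with no effect: nop, and mov/xchg of a register with itself.
JUNK = re.compile(r"^(nop|mov (\w+), \2|xchg (\w+), \3)$")


def normalize(listing: str) -> list:
    """Drop garbage instructions, then rename registers by first appearance."""
    names, out = {}, []
    for line in listing.strip().splitlines():
        ins = " ".join(line.lower().split())
        if not ins or JUNK.match(ins):
            continue
        out.append(REGS.sub(
            lambda m: names.setdefault(m.group(1), f"r{len(names)}"), ins))
    return out


def raw_hash(listing: str) -> str:
    return hashlib.sha256(listing.encode()).hexdigest()


def fingerprint(listing: str) -> str:
    """Signature computed over the normalized form instead of the raw bytes."""
    return hashlib.sha256("\n".join(normalize(listing)).encode()).hexdigest()
```

The two variants have different raw hashes but the same fingerprint, while the listing with different behaviour keeps a different fingerprint. Code permutation, expansion and shrinking are not handled by this small normalizer.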
Polymorphic malware
This is also a type of malware that changes its shape and signature. It usually has two parts: one changes its shape while the other remains the same, which makes it easier to detect than metamorphic malware.
Usually this type of malware consists of two parts:
- Code that is used to decrypt and encrypt the other part (usually called the VDR: virus decryption routine). This part does not change its shape.
- The core malware code that changes its shape (usually called the EVB: encrypted virus body).
When an infected application launches, the VDR decrypts the encrypted virus body (EVB) so it can execute, and then re-encrypts it. The malware writer usually has the VDR use a randomly generated encryption key for each malware download, so that each download yields a completely different EVB.
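The following added example (not code from the original article) models the VDR/EVB layout described above with inert placeholder bytes, and shows why a whole-file hash signature misses every new download while a pattern written against the unchanging VDR still matches. The byte strings, the repeating-key XOR and all function names are assumptions made for illustration.

```python
import hashlib
import os

# Constructed, inert stand-ins: neither byte string is executable code.
VDR_STUB = b"VDR-STUB:constant-decryptor-placeholder"    # part that stays the same
CORE_BODY = b"CORE-BODY:inert placeholder for the body"  # part that gets encrypted


def xor_bytes(data: bytes, key: bytes) -> bytes:
    """Repeating-key XOR; stands in for whatever cipher a real sample uses."""
    return bytes(b ^ key[i % len(key)] for i, b in enumerate(data))


def build_sample(key: bytes) -> bytes:
    """Model one download: constant VDR + key + body encrypted under it (EVB)."""
    return VDR_STUB + key + xor_bytes(CORE_BODY, key)


def hash_signature(sample: bytes) -> str:
    """Whole-file signature, as a hash-based blocklist would store it."""
    return hashlib.sha256(sample).hexdigest()


def stub_signature_matches(sample: bytes) -> bool:
    """Byte-pattern signature written against the unchanging VDR."""
    return VDR_STUB in sample


def compare_downloads(n: int = 5) -> dict:
    """Generate n downloads with random keys and count what each signature catches."""
    samples = [build_sample(os.urandom(8)) for _ in range(n)]
    blocklist = {hash_signature(samples[0])}  # the analyst has seen only the first
    return {
        "unique_hashes": len({hash_signature(s) for s in samples}),
        "caught_by_hash": sum(hash_signature(s) in blocklist for s in samples),
        "caught_by_stub": sum(stub_signature_matches(s) for s in samples),
    }


if __name__ == "__main__":
    print(compare_downloads())
```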
Reblogged this on Remove Your Malware and commented:
An interesting and informative article about “Metamorphic” and “Polymorphic” Malware by Ammar Hasayen makes today’s reblog! If you want to see more articles like this, head to ammarhasayen.com! Or follow Remove Your Malware for similar posts!
Thank you
This website was… how do I say it? Relevant!! Finally I have found something which helped me.
Appreciate it!
Oh. Thanks man… ur sweet comment made my day:)
Hi would you mind sharing which blog platform you’re using?
I’m planning to start my own blog in the near future but I’m having
a tough time choosing between BlogEngine/Wordpress/B2evolution and Drupal.
The reason I ask is because your design and style seems different than
most blogs and I’m looking for something
completely unique. P.S Apologies for being off-topic but I
had to ask!
Sure let me get back to u tomorrow
Hi and sorry for late reply.
Well, i am using wordpress.com as it provides more professional platform for blogging.
Regarding the blog theme, wordpress.com provides many free and paid themes that you can pick from. You have just to be creative i guess 🙂
Hello, I enjoy reading through your article.
I like to write a little comment to support you.
My spouse and I stumbled over here coming from a different web page
and thought I might check things out. I like what I see so now i am following you.
Look forward to looking over your web page yet again.
So glad you liked it 🙂
These are actually wonderful ideas in about blogging. You have touched some fastidious points here.
Any way keep up writing.
For hottest information you have to pay a visit world wide
web and on internet I found this site as a finest web page for latest
updates.
Thanks indeed
Attractive section of content. I just stumbled upon your blog and in accession capital to assert
that I get actually enjoyed account your blog posts.
Anyway I will be subscribing to your feeds and even I achievement you access consistently quickly.
Thanks indeed!
I have been browsing online more than 3 hours today, yet I never found any interesting
article like yours. It is pretty worth enough for me.
In my view, if all web owners and bloggers made good content as you did, the
web will be a lot more useful than ever before.
Oh.. that makes me happy person…:)
Howdy! Someone in my Myspace group shared this site with us so I
came to give it a look. I’m definitely enjoying the information.
I’m book-marking and will be tweeting this to my followers!
Terrific blog and brilliant design.
Thanks man. Really appreciated 🙂
Hey! Someone in my Facebook group shared this site with
us so I came to take a look. I’m definitely enjoying the
information. I’m bookmarking and will be tweeting this to my followers!
Fantastic blog and amazing design and style.
Appreciated man !!!
What’s up to every one, it’s truly a fastidious for me to pay a quick visit this site,
it includes helpful Information.
Appreciated man!
I’d like to find out more? I’d care to find out more details.
I do believe all of the ideas you have introduced in your post.
They’re very convincing and can certainly work. Still, the posts are
very short for newbies. May you please extend
them a bit from next time? Thank you for the post.
Sure thanks.for your feedback 🙂
What’s up, I wish for to subscribe for this webpage to obtain most up-to-date updates, therefore where can i do
it please help out.
thanks for your comment…you can find the (Follow) Icon on my blog to subscribe here:)
Hi! Quick question that’s entirely off topic. Do you know how to make your site mobile friendly?
My website looks weird when browsing from my iphone 4.
I’m trying to find a template or plugin that might be able to fix this problem.
If you have any recommendations, please share.
With thanks!
Hi, actually im using a host provider wordpress.com and i am using a theme called iTheme2, and it comes with a mobile friendly features and even a wordpress mobile app 🙂
Asking questions are actually pleasant thing
if you are not understanding anything completely,
however this piece of writing offers pleasant understanding even.
I blog quite often and I truly appreciate your content.
Your article has really peaked my interest. I am
going to take a note of your blog and keep checking
for new details about once a week. I subscribed to your RSS feed as well.
Oh..thanks man.. appreciated
Normally I don’t learn post on blogs, however I would like to say that this write-up very
compelled me to check out and do it! Your writing style has been surprised me.
Thank you, very great article.
🙂 you are just being kind
Hi there are using WordPress for your site platform?
I’m new to the blog world but I’m trying to get started and create
my own. Do you require any coding knowledge to make your own blog?
Any help would be really appreciated!
Yes im just using wordpress.com with free theme called iTheme2. No knowledge at all is required;)
Great blog here! Also your web site loads up fast! What host
are you using? Can I get your affiliate link to your host?
I wish my site loaded up as quickly as yours lol
Hiii and thanks for your feedback. Im using wordpress.com public blog 🙂
Very worthwhile subject, many thanks for sharing.
I’ve read some good stuff here. Certainly price bookmarking for revisiting.
I wonder how much effort you place to make this sort of
great informative site.
Thanks a lot for your kind comment… ya it is long experience from the field and I like to write. So glad you liked it :))))
Nice blog! Is your theme custom made or did you download it from somewhere?
A design like yours with a few simple adjustments would really make my blog stand out.
Please let me know where you got your theme. Many thanks
im using the public wordpress blog platform with a free theme called ITheme2.
Thanks for your feedback:)
Oh my goodness! Incredible article dude! Thank you so much, However I am
encountering problems with your RSS. I don’t understand why I can’t join it.
Is there anyone else having the same RSS problems?
Anybody who knows the answer can you kindly respond? Thanx!!
Thanks man indeed. Yes it took me sometime to write this article 🙂 im sad to hear that RSS is not working 🙁 im using public provider for my blog and cannot even troubleshoot 🙁
Great post. I used to be checking continuously this blog and I’m inspired!
Extremely useful information particularly the final part :)
I handle such info a lot. I was looking for this particular info for a very lengthy time.
Thanks and good luck.
Thankssss
I have been browsing on-line more than 3 hours these days,
yet I by no means discovered any attention-grabbing article like
yours. It is beautiful worth sufficient for me.
In my view, if all site owners and bloggers made just right content material
as you did, the internet will likely be a lot more useful than ever before.
So blessed to hear such wonderful feedback. I feel the same when browsing the internet that is why im giving my time and effort to write something worth reading
I couldn’t refrain from commenting. Well written!
It’s actually a nice and helpful piece of information. I’m
happy that you just shared this useful information with
us. Please stay us informed like this. Thank you for sharing.
I couldn’t resist commenting. Very well written!
We’re a group of volunteers and starting a new scheme in our community.
Your website provided us with helpful info to work on. You have performed a formidable process and our whole group will be
grateful to you.
Hi just wanted to give you a quick heads up and let you know a few of the
images aren’t loading properly. I’m not sure why but I
think its a linking issue. I’ve tried it in two
different web browsers and both show the same results.
I go to see each day some web sites and websites
to read articles, however this weblog offers quality based posts.
I blog quite often and I really thank you for your content.
The article has really peaked my interest. I am going to bookmark your website and keep checking
for new details about once a week. I subscribed to your Feed too.
Oh thanks man ! Appreciated !!.
I’m very happy to find this website. I wanted to thank you for ones time
for this fantastic read!! I definitely liked every bit
of it and i also have you book marked to look at new information on your
web site.
Hey very nice web site!! Man .. Beautiful ..
Superb .. I’ll bookmark your site and take the feeds additionally?
I am happy to search out a lot of helpful information here
within the post, we want develop more strategies in this regard,
thank you for sharing. . . . . .
Oh sad to hear that..im using hosted blog engine so I have no big control about this… but I will contact the wordpress support and open a ticket for that.
Hi there, You’ve done an incredible job. I’ll definitely digg it and personally recommend to my friends.
I am confident they’ll be benefited from this website.