Polymorphic viruses: what are they and how to deal with them?

We have all heard about the dangers of malware, especially online. Dedicated protection software against the various threats can cost a lot of money, but is the expense justified? Let's look at the most common ways storage media become infected, with particular attention to the most dangerous type: polymorphic viruses.

What "infection" means

By analogy with medicine, computer systems are treated as separate "organisms" that can pick up an "infection" while interacting with the digital environment: from the Internet or through the use of unverified removable media. Hence the name given to most malicious programs: viruses. When they first appeared, polymorphic viruses were a form of entertainment for specialists, a way of testing their own skills as well as the defences of particular computer systems and network resources. Hackers have since moved from mischief to outright crime, driven by the globalization of digital banking, which opened up access to electronic wallets from almost anywhere in the world. Information itself, which virus authors now also hunt for, has become far more accessible, and its value has grown tens and hundreds of times compared with pre-digital times.

Description and history of occurrence

Polymorphic viruses, as the name suggests, are able to modify their own code each time they make a copy of themselves. As a result, the copies cannot be detected by anti-virus tools using a single byte mask (signature) and picked up in full by a simple scan pass. The first virus that modified its own code was released back in 1990 under the name Chameleon. Virus-writing technology developed considerably a little later with the arrival of polymorphic code generators, one of which, the Trident Polymorphic Engine, was distributed with detailed instructions in BBS archives. Since then the polymorphism technique itself has not changed much, but other ways of hiding malicious activity have appeared.

How viruses spread

Besides e-mail, which is popular with spammers and virus writers alike, mutating viruses can reach a computer inside files downloaded from infected web resources reached via specially crafted links. Infected copies of well-known sites can be used for the same purpose. Removable media, usually rewritable ones, can also be a source of infection, since they may carry infected files that the user runs by hand. A request from an installer to temporarily disable anti-virus software should be a warning sign to the user, and at the very least a reason to check the executable files thoroughly. Automatic spreading is possible when attackers find weaknesses in protection systems; such implementations are usually aimed at particular kinds of networks and operating systems. The popularity of office software has also attracted the attention of intruders, resulting in specially crafted infected macros. Such virus programs have a serious drawback: they are "tied" to the file type, so virus macros from Word files cannot interact with Excel spreadsheets.

Types of polymorphism

Polymorphic constructions are divided into several groups according to the complexity of the algorithms used. Oligomorphic ones, the simplest, encrypt their own code with constants, so even a lightweight antivirus can identify and neutralize them. Next come viruses that use several different instructions for the encryption and pad themselves with "empty" (junk) code; to detect these, security software must be able to filter out the junk instructions before matching.
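To illustrate the junk-filtering point, here is an added example (not from the original article): a toy Python scanner with a constructed, partial x86 opcode-length table, showing that a plain byte mask misses a junk-padded variant while matching after junk removal still catches it. The samples, the opcode table and the choice of NOP as the junk instruction are all assumptions made for this example.

```python
# Added example (not from the original article): a toy scanner showing why a
# single byte mask fails on a junk-padded variant and how filtering junk
# instructions before matching restores detection. Instruction lengths are a
# constructed subset of x86, not a real disassembler.

# Minimal opcode -> length table for the opcodes used in the samples
# (constructed assumption: register-direct forms only, no prefixes).
OPCODE_LEN = {
    0x55: 1,   # push ebp
    0x89: 2,   # mov r/m32, r32 (modrm, register-direct form)
    0x31: 2,   # xor r/m32, r32 (modrm, register-direct form)
    0xCD: 2,   # int imm8
    0xC3: 1,   # ret
    0x90: 1,   # nop
}
for op in range(0xB8, 0xC0):
    OPCODE_LEN[op] = 5   # mov r32, imm32

JUNK_OPCODES = {0x90}   # "empty" instructions the scanner drops

def instructions(code: bytes):
    """Split a byte string into instructions using the toy length table."""
    i = 0
    while i < len(code):
        n = OPCODE_LEN.get(code[i], 1)   # unknown opcode: treat as 1 byte
        yield code[i:i + n]
        i += n

def normalize(code: bytes) -> bytes:
    """Drop junk instructions at instruction boundaries only, so a 0x90 byte
    inside an immediate (e.g. mov eax, 0x90) is left intact."""
    return b"".join(ins for ins in instructions(code) if ins[0] not in JUNK_OPCODES)

def naive_match(code: bytes, signature: bytes) -> bool:
    return signature in code

def normalized_match(code: bytes, signature: bytes) -> bool:
    return signature in normalize(code)

# Constructed samples: the same mov eax,1 / int 0x80 body, once clean and once
# with junk nops inserted between instructions (a hand-written variant, not
# generated by any mutation routine).
SIGNATURE = bytes.fromhex("b801000000cd80")
CLEAN     = bytes.fromhex("5589e5" "b801000000" "cd80" "c3")
JUNKED    = bytes.fromhex("55" "90" "89e5" "9090" "b801000000" "90" "cd80" "c3")
IMM_NOP   = bytes.fromhex("b890000000" "c3")   # 0x90 inside an immediate

if __name__ == "__main__":
    print("naive, clean:      ", naive_match(CLEAN, SIGNATURE))        # True
    print("naive, junked:     ", naive_match(JUNKED, SIGNATURE))       # False
    print("normalized, junked:", normalized_match(JUNKED, SIGNATURE))  # True
    print("immediate kept:    ", normalize(IMM_NOP) == IMM_NOP)        # True
```

A real scanner needs a full-length decoder and a much wider notion of "junk" (any instruction sequence with no net effect), but the principle is the same: canonicalize first, then match.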

Viruses that change their own structure without losing functionality, and that apply other low-level encryption techniques as well, already pose a serious difficulty for anti-virus detection. The so-called incurable polymorphic viruses, built from program blocks, can insert parts of their code at various places in the infected file. Such viruses have no need for "empty" code of their own, since the executable code of the infected file plays that role. Fortunately for users and anti-virus developers, writing such viruses requires a deep knowledge of assembly language and is within reach only of very highly skilled programmers.

Goals, objectives and principle of operation

Virus code embedded in a network worm can pose a great threat, since on top of the worm's speed of spread it adds a destructive effect on data and infects system files. A polymorphic virus "head" included in a worm, or used as the basis of its program code, makes it easier to get past the computer's defences. The goals of viruses vary widely, from simple theft to the complete destruction of data stored on permanent media, as well as disrupting operating systems to the point of complete destabilization. Some virus programs can hand control of the computer to intruders so that they can openly or covertly launch other programs, connect to paid network resources, or simply transfer files. Others silently "settle" in RAM and monitor running applications in search of suitable files to infect, or interfere with the user's work.

Protection methods

Installing an antivirus is a must for any computer connected to a network, since operating systems cannot protect themselves against malware on their own, apart from the simplest kinds. Timely database updates and regular file scans, together with constant monitoring of the system, will also help to recognize an infection in time and eliminate its source. On outdated or low-powered computers you can nowadays install a lightweight antivirus that keeps its virus databases in the cloud. The choice of such programs is very wide; all of them are effective to varying degrees, and the price of anti-virus software is not always a sign of high reliability. An undoubted advantage of paid programs is active user support and frequent virus database updates, although some free alternatives also respond promptly when new virus signatures appear on the network.