Detecting malware is a hard task. Detecting malicious polymorphic code is harder.
Imagine trying to catch something that never stops changing its form.
Polymorphic malware changes its own appearance in many ways (file name, encryption key, compression, the decryption routine itself), all for one reason: to slip past antivirus software that looks for fixed patterns.
It is a growing trend in the horrifying but fascinating world of cybersecurity, and experts claim that most malware will have this morphing characteristic in the future.
How does Polymorphic Code work exactly?
A polymorphic virus is made of many pieces, but the two main parts are the encrypted payload and the mutation engine.
The first one, the encrypted payload, is what hides the malicious code from scanners: the part that does the actual damage never sits on disk in the clear.
Each time the virus spreads, the mutation engine generates a new decryption routine and a new key, so every copy appears as a different file in the scanner's "eyes". The decrypted payload underneath is the same every time, and that is the one constant a defender can go after.
The whole mechanism sounds futuristic and apocalyptic, but it is far from new.
In 1990, a polymorphic virus named 1260 (also known as V2PX) was created for research purposes. Its creator, Mark Washburn, wanted to prove how limited the virus scanners of the time were.
Of course, it didn't stop there. Two more polymorphic viruses, Tequila and Maltese Amoeba, appeared in Europe a year later, in 1991.
They were bad news, and the wave of polymorphic malware that followed was no better:
- Storm Worm: spread by email with the subject line "230 dead as storm batters Europe", it was responsible for 8% of all global malware infections in 2007. A literal storm, and hard to catch: its code morphed every 30 minutes.
- Virlock ransomware: first found in 2014, it was the only polymorphic ransomware in existence at the time. The files it infected became contagious themselves, and the decryption codes were randomly generated.
CryptoWall ransomware followed months later.
The Good, The Bad, & The Ugly of Polymorphic Code
Not everything is bad news in the cybersecurity world.
Just as attackers exploit weaknesses with advanced technology, the good guys are employing the same techniques for protective purposes.
The startup Shape Security is one of several that use polymorphic code (its ShapeShifter product) defensively: it rewrites a website's code on the fly, at great speed, so malicious bots and scripts cannot rely on a fixed page structure.
This sophisticated method is not affordable for small or midsize businesses, though; rumours point to a seven-figure price tag.
But even if it looks promising, it's too early to say that this technique will stay in the good guys' hands only.
In the wrong hands, the shape-shifting nature of polymorphic code would be a major problem worldwide.
Just think about it for a second.
Most antivirus, firewall and ISP filtering solutions match known patterns, and become ineffective at stopping malware that never shows the same pattern twice.
Most "solutions" simply aren't prepared for it, meaning that a company relying on them alone isn't safe either.
Is there something you can do about it?
Detection and Prevention of Malicious Polymorphic Code
Thankfully, there is.
Conventional antivirus products rely on signature-based detection, which matches fixed byte patterns and is easily fooled by code that rewrites those patterns with every copy. Newer products add behaviour-based, heuristic and machine-learning detection, which look at what the code does rather than what it looks like, so they can catch a fresh variant early.
These engines only help while they are running, so real-time (auto-protect) scanning should always stay switched on.
You have already heard the rest: do not click on suspicious links or open spam attachments. Use strong, unique passwords (and change them whenever there is any sign of compromise). Keep your software updated.
That is a broken record by now.
The point you may not have heard is that no single layer is enough: run multiple layers of detection, blocking, filtering and removal, so that a sample that slips past one layer is caught by the next.
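Both the mechanism described earlier (an encrypted payload plus a mutation engine that produces a new decryptor each time) and the weakness of signature matching can be shown in a few lines. The Python below is an added example written for this article, not code from any real malware or any product mentioned here. It assumes a harmless placeholder string as the "payload" and a made-up two-byte bytecode as the decryptor stub (standing in for a real x86 decryption loop), so the whole thing can be emulated safely. The mutation engine picks a random chain of XOR, subtract and rotate steps and sprinkles junk no-ops into the stub, so every copy has a different hash and byte pattern. A scanner that only knows the hash of the first sample misses the rest; a scanner that emulates the stub and hashes the decrypted bytes catches every copy.

```python
import hashlib
import random

# Constructed stand-in for the malicious payload (a harmless string, not real malware).
PAYLOAD = b"constructed placeholder payload - harmless"

# Hypothetical two-byte bytecode for the decryptor stub (stands in for a real x86 loop):
#   0x01 k  XOR every byte with k
#   0x02 k  SUB k from every byte
#   0x03 n  rotate every byte left by n bits (1..7)
#   0x00 x  junk no-op, inserted at random to change the stub's byte pattern
#   0xFF 0  end of stub; the encrypted payload follows
OP_NOP, OP_XOR, OP_SUB, OP_ROL, OP_END = 0x00, 0x01, 0x02, 0x03, 0xFF


def _apply(data, op, imm, inverse=False):
    """Run one stub instruction over every byte; inverse=True runs the encrypting step."""
    out = bytearray(len(data))
    n = imm % 8
    for i, b in enumerate(data):
        if op == OP_XOR:
            out[i] = b ^ imm
        elif op == OP_SUB:
            out[i] = (b + imm) & 0xFF if inverse else (b - imm) & 0xFF
        elif op == OP_ROL:
            rot = ((b >> n) | (b << (8 - n))) if inverse else ((b << n) | (b >> (8 - n)))
            out[i] = rot & 0xFF
        else:
            raise ValueError("unknown opcode")
    return bytes(out)


def mutate(payload, rng):
    """Mutation engine: pick a fresh random decryptor and emit stub + matching ciphertext."""
    ops = []
    for _ in range(rng.randint(1, 3)):
        op = rng.choice([OP_XOR, OP_SUB, OP_ROL])
        imm = rng.randint(1, 7) if op == OP_ROL else rng.randint(1, 255)
        ops.append((op, imm))
    # Encrypt by running the inverse of each decryptor step, in reverse order.
    data = payload
    for op, imm in reversed(ops):
        data = _apply(data, op, imm, inverse=True)
    # Serialise the stub with random junk no-ops so even identical ops look different.
    stub = bytearray()
    for op, imm in ops:
        for _ in range(rng.randint(0, 3)):
            stub += bytes([OP_NOP, rng.randint(0, 255)])
        stub += bytes([op, imm])
    stub += bytes([OP_END, 0])
    return bytes(stub) + data


def emulate(sample):
    """Parse the stub and run it over the ciphertext; None if the sample is malformed."""
    ops, i = [], 0
    while i + 1 < len(sample):
        op, imm = sample[i], sample[i + 1]
        i += 2
        if op == OP_END:
            break
        if op == OP_NOP:
            continue
        if op not in (OP_XOR, OP_SUB, OP_ROL):
            return None
        ops.append((op, imm))
    else:
        return None  # ran off the end without seeing OP_END
    data = sample[i:]
    for op, imm in ops:
        data = _apply(data, op, imm)
    return data


PAYLOAD_HASH = hashlib.sha256(PAYLOAD).hexdigest()


def signature_hit(sample, signatures):
    """Classic signature check: is this exact byte pattern (here, a file hash) known?"""
    return hashlib.sha256(sample).hexdigest() in signatures


def emulation_hit(sample):
    """Detection that survives mutation: decrypt in a sandbox and inspect what comes out."""
    plain = emulate(sample)
    return plain is not None and hashlib.sha256(plain).hexdigest() == PAYLOAD_HASH


def roundtrip(seed):
    """Mutate once and decrypt again; True when the payload is recovered byte for byte."""
    return emulate(mutate(PAYLOAD, random.Random(seed))) == PAYLOAD


def run_demo(n_variants=5, seed=7):
    """Return (signature hits, emulation hits) across n_variants mutated copies."""
    rng = random.Random(seed)
    variants = [mutate(PAYLOAD, rng) for _ in range(n_variants)]
    # The scanner has a signature only for the first sample it ever saw.
    signatures = {hashlib.sha256(variants[0]).hexdigest()}
    sig_hits = sum(signature_hit(v, signatures) for v in variants)
    emu_hits = sum(emulation_hit(v) for v in variants)
    return sig_hits, emu_hits


if __name__ == "__main__":
    print("signature hits, emulation hits:", run_demo())
```

Running it reports 1 signature hit and 5 emulation hits out of 5 copies. The lesson for defenders is the one that makes layered detection work: the mutation engine can change the wrapper indefinitely, but it cannot change what the payload must decrypt to, so a layer that looks at behaviour or decrypted content catches what the signature layer misses.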
Keep running your successful business with peace of mind.