Polymorphic engine

A polymorphic engine (sometimes called a mutation engine or mutating engine) is a computer program that can be used to transform a program into a subsequent version that consists of different code yet operates with the same functionality. For example, 3+1 and 6-2 both achieve the same result, yet use completely different code.

Polymorphic engines typically work either by encrypting code or by obfuscating it; obfuscation may not involve any encryption at all.

Polymorphic engines are used almost exclusively by computer viruses, shellcode and other malware. Their main purpose is to make it hard for virus scanners and other security software to detect and identify the body of the malware, because traditional "fixed signatures" cannot usually be used.
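The following added illustration (not part of the original article) shows why a fixed signature misses functionally identical variants while a signature taken over a normalized form still matches. Harmless arithmetic expressions stand in for program bodies, following the 3+1 and 6-2 example above; the function names and sample list are constructed for this example.

```python
import ast
import hashlib
import operator

# Constructed samples: arithmetic expressions stand in for program bodies,
# following the article's "3+1 versus 6-2" illustration.
KNOWN_SAMPLE = "3+1"
VARIANTS = ["3+1", "6-2", "2*2", "(10-2)//2", "3+2"]

_OPS = {ast.Add: operator.add, ast.Sub: operator.sub,
        ast.Mult: operator.mul, ast.FloorDiv: operator.floordiv}


def fold(node):
    """Constant-fold a parsed integer expression without using eval()."""
    if isinstance(node, ast.Expression):
        return fold(node.body)
    if isinstance(node, ast.Constant) and type(node.value) is int:
        return node.value
    if isinstance(node, ast.BinOp) and type(node.op) in _OPS:
        return _OPS[type(node.op)](fold(node.left), fold(node.right))
    raise ValueError("unsupported construct in sample")


def fixed_signature(code):
    """Signature over the literal bytes, as a traditional scanner stores it."""
    return hashlib.sha256(code.encode()).hexdigest()


def normalized_signature(code):
    """Signature over the canonical (folded) form, i.e. over what the code does."""
    value = fold(ast.parse(code, mode="eval"))
    return hashlib.sha256(str(value).encode()).hexdigest()


def scan(samples, known=KNOWN_SAMPLE):
    """Return {sample: (fixed_hit, normalized_hit)} against one known sample."""
    fixed, norm = fixed_signature(known), normalized_signature(known)
    return {s: (fixed_signature(s) == fixed, normalized_signature(s) == norm)
            for s in samples}


if __name__ == "__main__":
    for sample, (fixed_hit, norm_hit) in scan(VARIANTS).items():
        print(f"{sample!r:14} fixed={fixed_hit!s:5} normalized={norm_hit}")
```

Only the byte-identical sample matches the fixed signature, whereas every expression that folds to the same value matches the normalized one, and the unrelated sample 3+2 matches neither.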

The first polymorphic engine was called MtE (short for Mutation Engine). It was written in 1992 by a virus author who called himself 'Dark Avenger'. MtE has since been disassembled,[1] and the disassembly shows how the variety of possible encryption routines is implemented.

A polymorphic packer is a type of polymorphic engine. It is a software tool that rolls up several kinds of malware into a single package, such as an e-mail attachment, and has the ability to make its "signature" mutate over time, so it is more difficult to detect and remove.

This article is issued from Wikipedia. The text is licensed under Creative Commons - Attribution - Sharealike. Additional terms may apply for the media files.