Polymorphic malware

From CNM Wiki
Revision as of 17:18, 18 July 2020 by QiratH

Polymorphic malware is malware that changes with each instance to avoid detection. It typically has two parts: the decryptor and the encrypted program body. Each instance can encrypt the malware program differently and hence has a different decryptor; however, once decrypted, the same malware code is executed (contrast with metamorphic malware).
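The detection consequence of this structure, as an added example that is not part of the original wiki page: a whole-file hash signature differs for every instance, while a signature taken after unpacking matches all of them. The body is a constructed, inert text string, and the layout (a 4-byte key prefix standing in for the per-instance decryptor, followed by an XOR-encoded body) is an assumption chosen for illustration.

```python
import hashlib

# Constructed, inert stand-in for the program body (plain text, not code).
BODY = b"CONSTRUCTED-INERT-BODY: identical in every instance"
KEY_LEN = 4  # assumed layout: [4-byte key][XOR-encoded body]


def xor(data: bytes, key: bytes) -> bytes:
    """Repeating-key XOR; applying it twice with the same key is the identity."""
    return bytes(b ^ key[i % len(key)] for i, b in enumerate(data))


def make_instance(body: bytes, key: bytes) -> bytes:
    """Model one instance: per-instance key material, then the encoded body."""
    return key + xor(body, key)


def unpack(instance: bytes) -> bytes:
    """Analyst-side normalisation: recover the body with the key the instance carries."""
    return xor(instance[KEY_LEN:], instance[:KEY_LEN])


def sha256(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def sample_instances(n: int = 5) -> list:
    """Constructed sample set: n instances of the same body under n different keys."""
    return [make_instance(BODY, bytes([i + 1] * KEY_LEN)) for i in range(n)]


def compare_signatures(instances: list) -> tuple:
    """Return (distinct whole-file hashes, distinct unpacked-body hashes)."""
    file_hashes = {sha256(i) for i in instances}
    body_hashes = {sha256(unpack(i)) for i in instances}
    return len(file_hashes), len(body_hashes)


def body_signature_hits(instances: list, known_body_hash: str) -> int:
    """Count instances whose unpacked body matches one known-bad body hash."""
    return sum(sha256(unpack(i)) == known_body_hash for i in instances)


if __name__ == "__main__":
    insts = sample_instances()
    print("distinct file hashes, distinct body hashes:", compare_signatures(insts))
    print("hits on body signature:", body_signature_hits(insts, sha256(BODY)))
```
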

Definitions

According to the CyBOK (version 1),

Polymorphic malware. Malware that changes each instance to avoid detection. It typically has two parts: the decryptor and the encrypted program body. Each instance can encrypt the malware program differently and hence has a different decryptor; however, once decrypted, the same malware code is executed. (contrast with metamorphic malware).