Revision as of 09:25, 17 July 2021 edit Swpb (talk \| contribs) Autopatrolled, Extended confirmed users, New page reviewers, Pending changes reviewers 93,489 edits →Malicious code Tags: Mobile edit Mobile web edit Advanced mobile edit ← Previous edit		Revision as of 11:43, 12 October 2021 edit undo RDBrown (talk \| contribs) Extended confirmed users 15,902 edits →Cite journal, thesis Next edit →
Line 1: {{distinguish\|Polymorphism (computer science)}} {{refimprove\|date=November 2010}} In computing, '''polymorphic code''' is code that uses a [[polymorphic engine]] to mutate while keeping the original [[algorithm]] intact - that is, the ''code'' changes itself every time it runs, but the ''function'' of the code (its [[semantics]]) will not change at all. For example, 1+3 and 6-2 both achieve the same result while using different values and operations. This technique is sometimes used by [[computer virus]]es, [[shellcode]]s and [[computer worm]]s to hide their presence.<ref name="rugha">{{cite thesis \|last=Raghunathan, \|first=Srinivasan (\|date=2007). ''\|title=Protecting anti-virus software under viral attacks~~''.~~ \|type=M.Sc. ~~Thesis,~~ \|publisher=Arizona State University \|citeseerx=10.~~[https://pdfs~~1.~~semanticscholar~~1.~~org/0676/da6041ea51a3e8d80c597e503680e925aed0~~93.~~pdf]{{Dead link\|date=May 2020 \|bot=InternetArchiveBot \|fix-attempted=yes~~ 796}}</ref> [[Encryption]] is the most common method to hide code. With encryption, the main body of the code (also called its payload) is encrypted and will appear meaningless. For the code to function as before, a decryption function is added to the code. When the code is ''executed'' this function reads the payload and decrypts it before executing it in turn. Encryption alone is not polymorphism. To gain polymorphic behavior, the encryptor/decryptor pair is mutated with each copy of the code. This allows different versions of some code which all function the same.<ref name="wongstamp">{{cite journal \|last=Wong, \|first=Wing; \|last2=Stamp, \|first2=M. ~~(2006). ''~~\|title=Hunting for Metamorphic Engines~~''.~~ \|journal=Journal in Computer Virology. ~~Department~~\|volume=2 of\|issue= ~~Computer~~\|pages=211–229 ~~Science,~~\|date=2006 ~~San Jose State University~~\|doi=10.1007/s11416-006-0028-7 ~~[http://www~~\|citeseerx=10.~~truststc~~1.~~org/pubs/237/hunting~~1.108.~~pdf]~~3878}}</ref> == Malicious code == Line 90: == References == <references/> {{refbegin}} *{{cite journal \|author-link= \|last=Spinellis, \|first=Diomidis; [\|url=http://www.spinellis.gr/pubs/jrnl/2002-ieeetit-npvirus/html/npvirus.html ''\|title=Reliable identification of bounded-length viruses is NP-complete~~''],~~ \|journal=IEEE Transactions on Information Theory, \|volume=49( \|issue=1~~):280–284,~~ \|pages=280–4 \|date=January 2003. ~~{{doi~~\|doi=10.1109/TIT.2002.806137}} {{refend}} [[Category:Types of malware]]

Polymorphic code: Difference between revisions