Content deleted Content added
No edit summary |
Reorder |
||
Line 1:
In computer terminology, '''polymorphic code''' is code that mutates while keeping the original [[algorithm]] intact. This technique is sometimes used by [[computer virus]]es, [[shellcode]]s and [[computer worm]]s to hide their presence.
A more known polymorphic virus was invented in 1992 by the [[Bulgarians|Bulgarian]] [[security cracking|cracker]] [[Dark Avenger]] (a [[pseudonym]]) as a means of avoiding pattern recognition from antivirus-software.▼
Most [[anti-virus software]] and [[intrusion detection system]]s attempt to locate malicious code by searching through computer files and data packets sent over a [[computer network]]. If the security software finds patterns that correspond to known computer viruses or worms, it takes appropriate steps to neutralize the threat. [[Polymorphic]] algorithms make it difficult for such software to locate the offending code as it constantly mutates.
Line 11 ⟶ 6:
Malicious [[programmer]]s have sought to protect their polymorphic code from this strategy by rewriting the unencrypted decryption engine each time the virus or worm is propagated. Sophisticated pattern analysis is used by anti-virus software to find underlying patterns within the different mutations of the decryption engine in hopes of reliably detecting such [[malware]].
▲The first known polymorphic virus was written by Mark Washburn. The virus, called [[1260 (virus)]], was written in 1990. A more known polymorphic virus was invented in 1992 by the [[Bulgarians|Bulgarian]] [[security cracking|cracker]] [[Dark Avenger]] (a [[pseudonym]]) as a means of avoiding pattern recognition from antivirus-software.
== Example ==
| |||