Polymorphic code: Difference between revisions

EDGE (talk | contribs)
Significantly cleaned up the first half of the article. Hopefully someone will add insights to this fascinating topic. Perhaps more historical analysis.
EDGE (talk | contribs)
No edit summary
This technique is sometimes used by [[computer virus]]es, [[shellcode]]s and [[computer worm]]s to hide their presence.
Most [[anti virus-software]] and [[intrusion detection system]]s attempt to locate malicious code by searching through computer files and data packets sent over a [[computer network]]. If the security software finds patterns that correspond to known computer viruses or worms, it takes appropriate steps to neutralize the threat. [[Polymorphic]] algorithms make it difficult for such software to locate the offending code, as it constantly mutates.
 
[[Encryption]] is the most commonly used method of achieving polymorphism in code. However, not all of the code can be encrypted, as it would then be completely unusable. A small portion of it is left unencrypted and used to jumpstart the encrypted software. Anti-virus software targets this small unencrypted portion of code.
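
The following sketch is an added illustration, not part of the article, of why scanners key on the unencrypted portion: a byte pattern taken from the encrypted body stops matching as soon as the key changes, while a pattern taken from the constant loader matches every copy. All byte strings, names and keys here are constructed placeholders, not real signatures or code.

```python
# Constructed sample data: placeholder bytes only, nothing here is executable code.
STUB = b"\x90STUB-DECODER\x90"                  # stands in for the small unencrypted loader
BODY = b"BENIGN-PLACEHOLDER-BODY-0123456789"    # stands in for the portion that gets encrypted


def xor_bytes(data: bytes, key: int) -> bytes:
    """Single-byte XOR, used here as the simplest stand-in for 'encryption'."""
    return bytes(b ^ key for b in data)


def make_sample(key: int) -> bytes:
    """One constructed 'generation': clear stub, the key byte, then the encrypted body."""
    return STUB + bytes([key]) + xor_bytes(BODY, key)


# Two hypothetical signatures a pattern-matching scanner might hold.
SIGNATURES = {
    "body-pattern": BODY[:16],   # taken from the plaintext body
    "stub-pattern": STUB,        # taken from the unencrypted loader
}


def scan(data: bytes, signatures: dict) -> list:
    """Return the names of all signatures whose byte pattern occurs in data."""
    return sorted(name for name, pattern in signatures.items() if pattern in data)


def scan_generations(keys) -> dict:
    """Scan one sample per key and report which signatures still match."""
    return {key: scan(make_sample(key), SIGNATURES) for key in keys}


if __name__ == "__main__":
    # Baseline: an unencrypted copy matches both patterns.
    print("plain ", scan(STUB + b"\x00" + BODY, SIGNATURES))
    # Each re-keyed copy has different body bytes, so only the stub pattern survives.
    for key, hits in scan_generations([0x21, 0x5A, 0xC3]).items():
        print(hex(key), hits)
```
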