
What is the Polymorphic Virus?

Imagine a threat that can adapt to every form of defense you throw at it, a threat that constantly changes to avoid detection, a threat that is relentless. This is the stark reality of the threat the polymorphic virus poses to your computer systems and personal data. This type of "shape shifting" virus produces malicious code that replicates itself endlessly and repeatedly changes its characteristics in an attempt to evade and outwit your computer's defenses and eventually sabotage your system.

This ability renders signature-based security useless, and the threat continues to increase in intensity, with research published last year showing that a staggering 97 percent of viruses analyzed had polymorphic properties. In 2015, it took the combined efforts of the FBI and Europol to bring down a botnet—a network of computers—running advanced polymorphic malware called Beebone. The malware was used by a criminal gang to control at least 12,000 computers around the globe and could change itself up to 19 times a day to avoid detection.

Only a year earlier, the first polymorphic, self-replicating ransomware virus was discovered. Called VirLock, it can infect files, replicate itself and change form in addition to locking the computer screen of a host computer like traditional ransomware.

Despite its capabilities, the polymorphic virus is not invulnerable. By taking the right steps, you can protect yourself from this constantly evolving threat.

Update Your Defenses

One of the simplest ways to protect your system from aggressive, adaptive code is to ensure you have the right type of security software in place. A high-quality antivirus solution has advantages over basic versions, notably the ability to deploy a far more comprehensive range of scanning techniques, tools and algorithms to recognize and deal with a much wider range of threats. It also protects against a wider variety of potential vulnerability points that could provide access to your system, such as email attachments and Internet downloads.

Time is of the essence when it comes to malware, and premium antivirus software scans your system much faster, allowing you to take action quickly to remove or quarantine threats and repair or recover infected files.

Handling an Evolving Threat

The biggest problem when trying to counter the threat of polymorphic malware is often a security solution’s inability to recognize the malware’s new state after it replicates. In general, when a virus is identified by security software, it is "blacklisted," and anything that looks or behaves like it is automatically blocked. Polymorphic code makes this difficult by frequently changing itself. Even after being repelled, its new incarnation could sneak past defenses that no longer recognize it.

Comprehensive security solution packages counter this in two ways:

  • Heuristic Scanning: Instead of looking for an exact match to an already identified threat, a heuristic scan looks for certain crucial components the threat might share, increasing the chances of detecting and stopping a new variation of the virus.
  • Behavior-based Detection: This type of antivirus function analyzes the behavior of a virus rather than only looking at its actual code.
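
The difference between an exact-match blocklist and a heuristic scan can be shown in a few lines. This is an added illustration, not Kaspersky's code: the byte strings are constructed, inert stand-ins for file contents, and the trait markers, threshold and function names are assumptions made for the example.

```python
import hashlib

# Constructed, inert byte strings standing in for file contents (not real malware).
# Each "trait" models a crucial component that every variant of one family shares.
TRAITS = [b"<trait:self-copy>", b"<trait:mail-contacts>", b"<trait:hide-process>"]


def build_sample(filler: bytes, order=(0, 1, 2)) -> bytes:
    """Assemble a stand-in file: same traits, different filler and ordering."""
    return filler + filler.join(TRAITS[i] for i in order) + filler


ORIGINAL = build_sample(b"\x00\x01")
VARIANT = build_sample(b"\x7f\x10\x33", order=(2, 0, 1))  # "changed form"
BENIGN = b"meeting notes " + TRAITS[0] + b" end"          # shares one trait only

# Exact-match blocklist: hashes of samples that were already identified.
BLOCKLIST = {hashlib.sha256(ORIGINAL).hexdigest()}


def signature_match(data: bytes) -> bool:
    """Blocklist check: true only if the file is byte-for-byte a known sample."""
    return hashlib.sha256(data).hexdigest() in BLOCKLIST


def heuristic_score(data: bytes) -> int:
    """Count how many of the family's shared components appear in the file."""
    return sum(1 for trait in TRAITS if trait in data)


def heuristic_match(data: bytes, threshold: int = 2) -> bool:
    """Flag a file that carries enough shared components, whatever its hash."""
    return heuristic_score(data) >= threshold


def scan(data: bytes) -> dict:
    """Run both checks so their verdicts can be compared side by side."""
    return {"signature": signature_match(data), "heuristic": heuristic_match(data)}


if __name__ == "__main__":
    for name, data in (("original", ORIGINAL), ("variant", VARIANT), ("benign", BENIGN)):
        print(name, scan(data))
```

The threshold is what keeps the benign file, which happens to contain a single marker, from being flagged. When a variant also conceals its shared components, static matching of this kind has nothing to find, which is the gap behavior-based detection covers.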

Last year, Kaspersky Lab's anti-phishing technologies utilized heuristic scanning techniques to detect almost 155 million attempts by computer users to visit phishing pages where their personal details could have been compromised.

Beware of Internet and Email Threats

Vigilance is the key to preventing the spread of polymorphic viruses. The initial infection of a system often comes from an action such as downloading an infected email attachment or visiting a website that has been compromised. Your own good judgment is often your first and best line of defense.

  • Email Caution: Steer clear of suspicious websites, and don't open attachments you aren't expecting to receive. Don't open any email from senders you don't know.
  • Software Caution: Don't download software or software updates unless you scan them for viruses first. It's also best to go straight to the reputable source, rather than download from other websites or links.

Keep Software Up to Date

Hackers constantly update and refine their code, but the good guys do the same on your behalf. There is a continual game of cat-and-mouse as hackers write code aimed at breaching flaws and vulnerabilities in operating systems and software, while the companies that own those systems work to fix any flaws and vulnerabilities that surface. Updates are released in the form of free software patches. Make sure you install them promptly.

Take Security Seriously

As polymorphic viruses become more sophisticated, your defenses need to become sharper and sharper. Don't be complacent. Make sure your system and accounts have complicated passwords. Your mother's maiden name will not do.

Change passwords periodically, but don't do it constantly. According to a UNC study for the Federal Trade Commission, changing passwords too often could be counterproductive because users tend to merely tweak old passwords in predictable ways. It's better to create complex passwords that are difficult for an attacker to guess than to constantly change a not-so-difficult password. Additionally, never have the same password for more than one system or account.

The threat of a polymorphic virus is frightening, but taking a few precautions can minimize your risk. Start by taking security seriously and installing antivirus software as your first line of defense.
