Malware polymorphism: Difference between revisions

From Citizendium
Jump to navigation Jump to search
imported>Howard C. Berkowitz
No edit summary
m (Text replacement - "{{subpages}}" to "{{PropDel}}<br><br>{{subpages}}")
(One intermediate revision by one other user not shown)
Line 1: Line 1:
{{subpages}}
{{PropDel}}<br><br>{{subpages}}
In the context of computer [[malware]], '''malware polymorphism''', often phrased in the context of the malware itself such as '''polymorphic worm''' or '''polymorphic virus''', in order to hide itself from malware detection tools (e.g., [[host intrusion detection system]]). A simple example would be a worm that contains malicious instructions, but inserts null instructions into the software payload, so:
In the context of computer [[malware]], '''malware polymorphism''', often phrased in the context of the malware itself such as '''polymorphic worm''' or '''polymorphic virus''', in order to hide itself from malware detection tools (e.g., [[host intrusion detection system]]). A simple example would be a worm that contains malicious instructions, but inserts null instructions into the software payload, so:
*Detection fails when looking for software of a specific length, because the number of null instructions is random in each copy
*Detection fails when looking for software of a specific length, because the number of null instructions is random in each copy
*Detection fails when looking for a specific sequence of instruction that simply matches a pattern, and will not ignore null operations that change the content, but not the execution behavior, of the malware
*Detection fails when looking for a specific sequence of instructions that simply matches a pattern, and will not ignore null operations that change the content, but not the execution behavior, of the malware

Revision as of 04:48, 8 April 2024

This article may be deleted soon.
To oppose or discuss a nomination, please go to CZ:Proposed for deletion and follow the instructions.

For the monthly nomination lists, see Category:Articles for deletion.


This article is a stub and thus not approved.
 Main Article
 Discussion
Related Articles  [?]
Bibliography  [?]
External Links  [?]
Citable Version  [?]
 
https://en.citizendium.org/wiki/index.php?title=Malware_polymorphism&printable=yes
This editable Main Article is under development and subject to a disclaimer.

In the context of computer malware, malware polymorphism, often phrased in the context of the malware itself such as polymorphic worm or polymorphic virus, in order to hide itself from malware detection tools (e.g., host intrusion detection system). A simple example would be a worm that contains malicious instructions, but inserts null instructions into the software payload, so:

  • Detection fails when looking for software of a specific length, because the number of null instructions is random in each copy
  • Detection fails when looking for a specific sequence of instructions that simply matches a pattern, and will not ignore null operations that change the content, but not the execution behavior, of the malware
Retrieved from "https://citizendium.org/wiki/index.php?title=Malware_polymorphism&oldid=952070"