What Is a Polymorphic Virus?
A polymorphic virus is malware that can adapt, or “morph,” to avoid detection and circumvent security tools.
The virus body is encrypted for each attack, and a new decryption key is used each time it morphs. This ability to evolve rapidly makes it nearly impossible for traditional cybersecurity defenses to withstand such an attack, because tools like antivirus and anti-malware software rely on signature detection, which a polymorphic virus bypasses easily.
A Brief History of Polymorphic Viruses
In the 1990s, researchers seeking to demonstrate the limits of the antivirus tools then available developed a virus called V2PX.
The demonstration had an unintended effect: V2PX inspired cybercriminals, who made effective use of the advanced capabilities of the virus. Since then, there have been numerous adaptations and revisions to the original polymorphic virus, and today many malware attacks include some form of polymorphism in their code.
A Note on Polymorphic vs. Metamorphic Viruses
While polymorphic viruses transform using a variable encryption key, metamorphic viruses can alter their code without the use of a variable encryption key.
What Does a Polymorphic Virus Do?
A polymorphic virus attack follows a predictable path. First, the cybercriminal encrypts the virus code, masking it so that it passes undetected through antivirus or anti-malware software. Once the virus has bypassed security, it is installed on the network via a specific endpoint. After installation, the virus file is decrypted.
A mutation engine quickly crafts a new decryption routine for the virus file, so that each copy looks like a completely different file. This makes the virus undetectable by security tools, so it can pass through security barriers undetected once again, even if an earlier variation of the same virus has been identified and blocked in the past.
Once it has gained access to the network, the virus produces further malicious code, copying itself and shifting its identifiable traits so that it can penetrate deeper into the system and cause lasting damage.
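The following added example (not code from the original article) models the cycle just described from the defender's side: a harmless constructed body is re-keyed for each "generation", a byte signature that matches the plain body misses every on-disk variant, while an entropy heuristic and a "generic decryption" scan (let the sample's own decryptor run, then scan the result) both still catch it. The repeating-key XOR standing in for the mutation engine, the sample text and the signature are all assumptions chosen for illustration.

```python
import math
import random

# Constructed sample: harmless ASCII text standing in for the routine a
# signature would target, repeated so entropy measurements are meaningful.
BODY = b"CONSTRUCTED SAMPLE BODY: copy-self-and-spread routine v1 " * 20
SIGNATURE = b"copy-self-and-spread routine"  # pattern a static scanner matches
rng = random.Random(2024)                    # fixed seed keeps the demo repeatable


def xor_bytes(data: bytes, key: bytes) -> bytes:
    return bytes(b ^ key[i % len(key)] for i, b in enumerate(data))


def make_variant(body: bytes = BODY) -> tuple[bytes, bytes]:
    """Toy model of one polymorphic generation (assumption: a repeating-key
    XOR stands in for the real mutation engine). Returns (stub, encrypted
    body), where the 'stub' is the fresh key the new decryptor would carry."""
    key = bytes(rng.randrange(256) for _ in range(64))
    return key, xor_bytes(body, key)


def static_scan(on_disk: bytes) -> bool:
    """Traditional signature match against the bytes as they sit on disk."""
    return SIGNATURE in on_disk


def shannon_entropy(blob: bytes) -> float:
    """Bits per byte: roughly 4-5 for ASCII text, near 8 for encrypted data.
    High entropy is only a triage signal: compressed or legitimately
    encrypted files score high too."""
    n = len(blob)
    counts = (blob.count(bytes([v])) for v in set(blob))
    return -sum(c / n * math.log2(c / n) for c in counts)


def emulated_scan(stub: bytes, enc: bytes) -> bool:
    """'Generic decryption': let the sample run its own decryptor in a sandbox
    (emulated here by applying the stub's key), then scan the decrypted body."""
    return SIGNATURE in xor_bytes(enc, stub)


def compare(n_variants: int = 5) -> dict:
    """Scan n freshly re-keyed variants with each approach and tally the hits."""
    static_hits = emulated_hits = 0
    entropies = []
    for _ in range(n_variants):
        stub, enc = make_variant()
        static_hits += static_scan(enc)        # the pattern never appears on disk
        emulated_hits += emulated_scan(stub, enc)
        entropies.append(shannon_entropy(enc))
    return {"static": static_hits, "emulated": emulated_hits,
            "min_entropy": min(entropies), "plain_entropy": shannon_entropy(BODY)}


if __name__ == "__main__":
    print(compare())
```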
Examples of Polymorphic Viruses
There are many famous polymorphic viruses that have gained attention for the specific types of damage they can inflict. Here are a few variations of polymorphic virus attacks.
VirLock Ransomware Attack
VirLock was an early example of polymorphic ransomware. The malware was passed from computer to computer via cloud storage access points and shared apps. Once it was deeply embedded, the malware acted like ransomware, locking users out of the system and demanding that victims pay the ransom or lose access to secure systems and files.
Storm Worm Multi-Layer Attack
The infamous 2007 Storm Worm attack was a Trojan spread via email. When unsuspecting victims opened the file attached to the email, the virus was released, infecting the computer and turning the victim’s system into a bot. The Storm Worm attack affected over 1 million distinct endpoints, causing damage to thousands of victims.
CryptoWall Ransomware Attack
The CryptoWall polymorphic virus is another example of ransomware. This variant infects a user’s computer system, encrypts the files stored there so the user cannot access their secure files, and then demands a fee to decrypt the files again. The mutation engine powering CryptoWall can provide nearly endless varieties of transformations for each new attack.
Beebone Malware Attack
Beebone used polymorphic malware to take over thousands of individual computers. With access to this vast network, bad actors created a botnet that they could use to attack financial institutions with ransomware and spyware attacks.
How You Can Prevent a Polymorphic Virus
Understanding the way polymorphic viruses work is the first step to preventing them from penetrating your computer’s security systems. But here’s what else you can do:
- Make sure to regularly update your computer operating system and applications. Install up-to-date antivirus software that includes cloud-based security tools.
- Avoid clicking on pop-up ads, opening any suspicious files attached to emails, and downloading free software that seems unsecured.
- Practice good password hygiene. Wherever possible, avoid using public Wi-Fi networks, or logging in to your accounts through any unsecured Wi-Fi network.
- Use multi-factor authentication (MFA) on your devices and logins.
- Take a closer look before you approve cookies on any website, especially a site that seems suspicious.
- Send unsolicited emails to the spam folder, and do not open any attachments from senders you don’t recognise.
- Partner with a managed security operations provider who can provide 24×7, human-led monitoring, detection, and response to detect polymorphic malware that automated tools miss.