Metamorphic virus

Virus that changes its own code with each infection

A metamorphic virus is one that is capable of rewriting its own code with each infection, or generation of infections, while maintaining the same functionality.

The rewriting process allows each infection to appear different from others, but the changes are not supposed to affect the functionality of the code. This is intended to avoid detection by anti-malware software, but can usually be overcome via emulation or other techniques, and in many cases is deployed in a flawed manner leading to large numbers of misinfections. The complex technology required to do the rewriting is known as a metamorphic engine, and the same such engine may be implemented in several different virus variants.

The term is often used interchangeably with polymorphic virus.

Poll

How do you run your anti-malware solution?
I use the default settings
I've set it to be less strict than the default
I've set it to be stricter than the default
I don't use an anti-malware solution
I don't know

Leave a comment
View 11 comments
Jobs Recruit Sidebar

Virus Bulletin

In this month's magazine:
  • Social networking meets social engineering
  • Flying solo
  • Geneva convention
  • 7th German Anti Spam Summit 2009
  • Anti-phishing landing page: turning a 404 into a teachable moment
  • An update on spamming botnets: are we losing the war?
  • Windows Server 2008 Standard Edition SP2 x86
Virus Bulletin 10 2009
Subscribe now!
Virus Bulletin currently has 187,722 registered users.