A polymorphic virus is a complex file infector that can change itself to evade detection while retaining its routines after every successful infection. To modify its physical file makeup during each infection, the virus encrypts its code using a different encryption key.
Think of a polymorphic virus as a shapeshifter. Each time you think you’re close to identifying and blocking it, it changes form. But while its looks may have changed, its goal remains the same—to stop your computer from working.
Threat actors use polymorphic viruses primarily to avoid getting detected by traditional security systems and solutions—those that are not yet capable of recognizing threats that have yet to be identified or so-called “emerging threats” or “unknown threats.”
Read More about “Polymorphic Virus”
Before we go into the nitty-gritty, let’s tackle the basics first with some definitions.
- File infector: A type of malware that infects executable files to cause permanent damage or render them unusable. It overwrites code or inserts infected code into an executable file.
- Encryption key: A random string of bits explicitly created to scramble and unscramble data. Only known to its owner, it keeps information secret.
- Traditional security system/solution: A cybersecurity platform or tool that isn’t endowed with advanced machine learning (ML) algorithms to recognize patterns and detect a file’s similarities to known threats.
How Does a Polymorphic Virus Get into Users’ Systems?
A polymorphic virus can spread via spam, malicious sites, and other malware variants. Examples of polymorphic viruses include:
- Ursnif or Gozi: Used for attacks targeting Italian users to phish confidential information.
- Virlock: Used in police ransomware attacks that affected tons of users in the U.K. in 2019.
- Vobfus: Once worked hand-in-hand with Beebone, which turned infected computers into bots in attacks that caused mayhem back in 2013.
- Bagel, Beagle, or UPolyX: Infected systems in 2018 via spamming.
How Do You Know If Your System Has Been Infected with a Polymorphic Virus?
While polymorphic viruses are hard to detect, there are still telltale signs of infection, including:
- An unusual or sudden system slowdown often indicates polymorphic virus infection, as it causes the computer to spin up extra cycles while encrypting files.
- Seeing odd requests like one that asks you to enter a password to access a website or use an application that didn’t require you to do so before is also a sign of polymorphic virus infection.
- Suddenly ending up on a site you didn’t want to access (i.e., didn’t type the URL for) can be a sign of malicious redirection by a polymorphic virus. Unexpected popup ads that prevent you from accessing sites can also indicate infection.
How Can You Avoid Polymorphic Virus Infection?
Polymorphic viruses may be hard to detect but doing so is still possible. Here are some of the best practices.
- Don’t settle for a security solution that provides basic security. Choose one that offers protection from both known and unknown threats. Purchase an antimalware solution that offers heuristic scanning or behavior-based detection.
- Every time your security solution prompts you to update, do so. The upgrade is likely to protect your entire network from the latest threats.
- Keep an eye out for malicious spam, ads, and prompts. Never download attachments or click links embedded in emails whose senders you don’t know. They could be polymorphic viruses in disguise. Avoid clicking popup ads, especially if they require you to give out personal information like your email address. If you see a prompt, do the same thing. Caution is key to avoiding malware infection.
- Use strong passwords and regularly change them.
- Back up your data regularly. That way, even if you get locked out of your system or applications, you can still work or accomplish tasks while the security team fixes things.
While you may no longer see polymorphic viruses in the news these days, they remain in use today (probably just took on a new form). Whatever happens then, the risks they pose are real, so be sure to take the necessary precautions.