They say that the best way of hiding something is to stow it away in plain sight. I wouldn't go as far as placing a stack of Benjamins under the rug, but the idea of adding the element of surprise can befuddle even the most adept bloodhound.

There's nothing special about malware creators trying to hide their code, contraptions, or tracks; come to think of it, it's kind of a 'job requirement'. Anyway, with "hiding" being the word du jour, in this article I'm going to deep-dive into the wondrous, cloak-and-daggerish world of polymorphic malware. Yes, I agree that it sounds like something Bender from Futurama would say if he were to justify a dry cough, but we ain't there just yet.

So, without further ado, let's try to answer the $1 million question: "what is polymorphism?"

In cybersecurity, the word polymorphism is used to describe a class of malware or, at times, an individual malware sample capable of changing its base (i.e., identifiable) features and/or behavior to circumvent detection grids and achieve its end goal. Polymorphism sounds pretentious, often poised to baffle the reader instead of making things a tad clearer, so, to solve this pompous enigma, here's what you should know: "poly" means "many", while "morphism" hints at "shape", "form", or "characteristics". Polymorphic malware is specifically designed to counter detection techniques, most often passing 'evil' code off as a system-sanctioned process or service.

In a Cybercrime Magazine article about the harmful effects of polymorphic malware, author Ann Johnson noted that 96% of Windows Defender's positive detections registered in 2017 pointed towards what can be conceived as polymorphic malware: one-time-only detections after which the malicious files disappeared, as if plucked away by an invisible hand.

While polymorphism can, in many instances, be synonymous with malware or any type of illegal, online-bound activity, the term itself was neither coined by cybersec researchers nor limited to the field. In fact, without polymorphism, it would be impossible to achieve inter-application communication. As such, in programming, polymorphism is the bedrock of OOP (Object-Oriented Programming): it is used to provide a single interface to multiple entity classes, or to let a single symbol represent numerous different types. Since polymorphism's OOP applicability is not a part of today's article, I'll skip the technicalities. However, if you're interested in learning more about this topic, or perhaps in furthering your knowledge of OOP, you should definitely check Jonathan Johnson's thoughts on the fine points of E2E applications.

In "Evolution and Detection of Polymorphic and Metamorphic Malwares (sic): A Survey", the authors noted that:

"(...) polymorphic malwares (sic) are created by using the obfuscation techniques (dead-code insertion, register reassignment, subroutine reordering, instruction substitution, code transposition/integration, etc.)"

At this point, we're more than able to construct a working hypothesis. Concerning the question "what is polymorphism?", we can state that, in cybersecurity, it refers to a malware's ability to create numerous encryption-decryption routines in order to disrupt the anti-malware software's signature-derivation mechanism.

![Evolution and Detection of Polymorphic and Metamorphic Malwares: A Survey]()
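To make the "signature-derivation" point concrete from the scanner's side, here is an added example (mine, not code from this article or from the survey it quotes). It takes a constructed toy assembly listing and three variants of it, each produced by one of the techniques the survey names (dead-code insertion, instruction substitution, register reassignment), and shows that a byte-exact hash differs for every variant while a normalizing scanner that strips dead code, canonicalizes equivalent idioms and renames registers before hashing recovers one stable signature. The register names, the rewriting rules and the sample listings are all assumptions made for the demonstration; subroutine reordering and code transposition are deliberately not handled, since they need control-flow normalization rather than the line-level rules below.

```python
import hashlib

# Toy register set for the constructed listings (assumption: x86-style names).
REGISTERS = {"eax", "ebx", "ecx", "edx", "esi", "edi"}


def parse(line):
    """Split 'mov eax, 0' into ('mov', ['eax', '0']); 'nop' becomes ('nop', [])."""
    line = line.strip()
    if " " not in line:
        return line, []
    mnemonic, rest = line.split(None, 1)
    return mnemonic, [op.strip() for op in rest.split(",")]


def canonicalize(mnemonic, ops):
    """Undo instruction substitution by mapping equivalent idioms to one spelling."""
    if mnemonic == "xor" and len(ops) == 2 and ops[0] == ops[1]:
        return "mov", [ops[0], "0"]          # xor r, r  ==  mov r, 0
    if mnemonic == "inc" and len(ops) == 1:
        return "add", [ops[0], "1"]          # inc r     ==  add r, 1
    if mnemonic == "dec" and len(ops) == 1:
        return "sub", [ops[0], "1"]          # dec r     ==  sub r, 1
    return mnemonic, ops


def _is_dead(mnemonic, ops):
    """Single instructions with no architectural effect (flags ignored in this toy)."""
    if mnemonic == "nop":
        return True
    if mnemonic == "mov" and len(ops) == 2 and ops[0] == ops[1]:
        return True
    return mnemonic in ("add", "sub") and len(ops) == 2 and ops[1] == "0"


def strip_dead_code(instrs):
    """Remove dead instructions and push X / pop X pairs, repeating until stable."""
    while True:
        out, i = [], 0
        while i < len(instrs):
            mnemonic, ops = instrs[i]
            nxt = instrs[i + 1] if i + 1 < len(instrs) else None
            if mnemonic == "push" and nxt == ("pop", ops):
                i += 2                       # push X; pop X leaves state unchanged
                continue
            if not _is_dead(mnemonic, ops):
                out.append((mnemonic, ops))
            i += 1
        if out == instrs:
            return out
        instrs = out


def rename_registers(instrs):
    """Undo register reassignment: registers become r0, r1, ... in order of first use."""
    names, out = {}, []
    for mnemonic, ops in instrs:
        renamed = []
        for op in ops:
            if op in REGISTERS:
                names.setdefault(op, f"r{len(names)}")
                renamed.append(names[op])
            else:
                renamed.append(op)
        out.append((mnemonic, renamed))
    return out


def normalize(listing):
    """Canonical text form of a listing; equivalent variants should collapse to one."""
    instrs = [canonicalize(*parse(line)) for line in listing]
    instrs = rename_registers(strip_dead_code(instrs))
    return [f"{m} {', '.join(ops)}" if ops else m for m, ops in instrs]


def raw_hash(listing):
    """What a byte-exact signature sees: the listing exactly as written."""
    return hashlib.sha256("\n".join(listing).encode()).hexdigest()


def signature(listing):
    """What a normalizing scanner sees: the listing after normalization."""
    return hashlib.sha256("\n".join(normalize(listing)).encode()).hexdigest()


# Constructed sample listings (not real malware): one base routine and three
# variants, each transformed with one technique named in the survey quote.
BASE = ["mov eax, 0", "mov ebx, 5", "add eax, 1", "cmp eax, ebx", "jne loop"]
DEAD_CODE = ["mov eax, 0", "nop", "push ecx", "pop ecx", "mov ebx, 5",
             "add ebx, 0", "add eax, 1", "mov eax, eax", "cmp eax, ebx", "jne loop"]
SUBSTITUTED = ["xor eax, eax", "mov ebx, 5", "inc eax", "cmp eax, ebx", "jne loop"]
REASSIGNED = ["mov edx, 0", "mov esi, 5", "add edx, 1", "cmp edx, esi", "jne loop"]
# A genuinely different routine, to check that the normalizer does not over-merge.
DIFFERENT = ["mov eax, 0", "mov ebx, 7", "add eax, 1", "cmp eax, ebx", "jne loop"]


def variant_report():
    """Return (distinct raw hashes, distinct normalized signatures) over the variants."""
    variants = [BASE, DEAD_CODE, SUBSTITUTED, REASSIGNED]
    return len({raw_hash(v) for v in variants}), len({signature(v) for v in variants})


if __name__ == "__main__":
    print("raw hashes, normalized signatures:", variant_report())  # (4, 1)
    print("normalized base:", normalize(BASE))
```

The takeaway for detection engineering is that the stable thing to match is the behaviour left after normalization, not the bytes the variant happens to carry; the `DIFFERENT` listing shows the normalizer still separates routines that really do differ (a different immediate), so the merging is not indiscriminate.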