What Are Polymorphic Viruses?

Polymorphic viruses are the reason why malware is on the rise…

When one small component of a piece of malware is changed, a whole new virus is born.  These are known as polymorphic viruses.  Unfortunately, detecting these viruses is incredibly difficult because the malware is constantly changing to prevent detection.  Once the malware is identified by traditional anti-virus programs, it changes itself to become a new, undetectable virus.

For traditional anti-virus programs, this is a problem because of their malware detection methods.  Most anti-virus programs use a blacklist approach: they keep a list of all the known bad programs/files and block them from running on your PC.  However, as discussed earlier, these polymorphic viruses are always changing, which makes the latest version unknown.  Thus, they retain the ability to bypass your anti-virus’s blacklisting technology.

One of the best ways to prevent this is to find anti-virus software that uses whitelisting technology, meaning it uses a list of all the known good programs and only allows them to run.  By taking this backwards approach, the anti-virus software is able to effectively block polymorphic viruses because, no matter what they change to, they still are not a known safe program.
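The difference between the two approaches, as an added example that is not part of the original article or any vendor's code: exact SHA-256 matching stands in for signature matching, and the class names, the `review_queue`, and all sample byte strings are constructed for illustration. It also shows the cost of default-deny, where a legitimate update is blocked until its hash is reviewed.

```python
import hashlib

def digest(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()

class BlacklistScanner:
    """Default-allow: run anything whose hash is not on the known-bad list."""
    def __init__(self, known_bad):
        self.known_bad = {digest(d) for d in known_bad}

    def allows(self, data: bytes) -> bool:
        return digest(data) not in self.known_bad

class WhitelistScanner:
    """Default-deny: run only hashes on the known-good list; queue the rest."""
    def __init__(self, known_good):
        self.known_good = {digest(d) for d in known_good}
        self.review_queue = []  # hypothetical: unknown hashes awaiting review

    def allows(self, data: bytes) -> bool:
        h = digest(data)
        if h in self.known_good:
            return True
        if h not in self.review_queue:
            self.review_queue.append(h)
        return False

# Constructed placeholder byte strings; none of this is real software.
GOOD_APP = b"constructed-placeholder: trusted editor v1"
GOOD_APP_UPDATE = b"constructed-placeholder: trusted editor v2"
BAD_SAMPLE = b"constructed-placeholder: flagged sample"
# Each variant differs from the flagged sample by one trailing byte.
VARIANTS = [BAD_SAMPLE + bytes([n]) for n in range(1, 4)]

def compare():
    """Return {name: (blacklist_allows, whitelist_allows)} and the queue size."""
    bl = BlacklistScanner([BAD_SAMPLE])
    wl = WhitelistScanner([GOOD_APP])
    files = {"good": GOOD_APP, "good_update": GOOD_APP_UPDATE, "bad": BAD_SAMPLE}
    files.update({f"variant{i}": v for i, v in enumerate(VARIANTS, 1)})
    table = {name: (bl.allows(d), wl.allows(d)) for name, d in files.items()}
    return table, len(wl.review_queue)

if __name__ == "__main__":
    table, queued = compare()
    for name, (bl_ok, wl_ok) in table.items():
        print(f"{name:12} blacklist_allows={bl_ok!s:5} whitelist_allows={wl_ok}")
    print("queued for review:", queued)
```
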

According to Softpedia, there was an 85.7% decrease in identifiable files per malware family, and a 99.1% decrease in identifiable malware in potentially unwanted applications from 2014 to 2015.  They report:

“…this doesn’t mean that the file instances don’t exist, but the use of polymorphic distribution models makes detection of all variants much harder.”


22 thoughts on “What Are Polymorphic Viruses?”

  1. To the doubters and those that believe PCMatic is too expensive:
    I relate the following; I have used about every free security scanning, big software with PC, or anti-virus program out up until two years ago. I had an HP Pavilion that got infected. I took it to a friendly big box store for repair. They successfully wiped the HD clean. In that process I lost all my pictures, projects, and most anything of importance to me. BBox was supposed to save HD useful data and delete the virus. They had done this work once before for me. But with that loss I began a serious look for something better.
    At the end of my search was PC Matic. I have had several blocked “programs/viruses/files/alleged updates”. One ended up on the white list for all. The others were viruses blocked and removed by PC Matic Customer Clan.
    Those folks are most helpful in both attitude and instructions. Just yesterday I was helped with two blocked viruses. The week before one blocked from a major software house was shown to be indeed a white listing for all users of PCMatic.
    Cost is minimal when compared to the hassle of dealing with failure of big box and thus loss of PC. Anyone who does not have $50 per year to use on their own PC is not looking hard enough where they are spending/wasting money each year. I’ve even recommended PCMatic to my former employer, I’m retired. So you know I’m on fixed income and $50 is important but keeping a clean system is more so.

  2. I don’t know about “whitelist” but Avast has an exclusion list that lets you list programs you don’t think need scanning. Isn’t that the same thing? Even Malwarebytes has that. In their free versions.

    • No, our whitelist is a list of the known virus-free programs/files. If a file or program is not on the whitelist it is not allowed to run, unless the user goes through and manually adds it to their whitelist. This is not encouraged, as they don’t know if any malicious files have been added to the program.

      If a program is not on the whitelist, and is not allowed to run, it automatically is sent to our research team. Within 24 hours it is recategorized as either a safe or malicious file. If it’s deemed safe, the user now has access. Again, if the user decides not to wait, they can manually run the program without waiting for our research team.

  3. Why can’t or won’t congress go after the crooks. It’s as simple as curtailing aid to the offending countries. Cut off the bean$ and watch the fur fly!

  4. Shouldn’t all antivirus software have whitelist technology? If PC Matic is the program that has the whitelist technology, then other antivirus software needs this technology to stop polymorphic viruses.

  5. So traditional antivirus use blacklist technology. So will the antivirus developers make a whitelist for traditional antivirus software to catch “polymorphic” viruses? Also we all know how everyone likes freeware antivirus software and will this whitelist technology be used for freeware antivirus software?

  6. Ok, just use secure a plus. Also I would love to think ”polymorphic” is some new term but since it has been around as long as article writer taking “my life with the thrill kill kults” name is also getting posted, it lends little credence. Easy solution for you all, check your files by modified date, happens to be today and isn’t a windows system file, you might be infected (or just installed itunes)

  7. I asked Leo and am waiting for his input on what I feel is a great little firewall by the name of “TINYWALL”. As one article mentioned here, “Whitelist”, that’s what Tiny Wall does in that you set it up “Manage” what programs can go out and decide if any installed programs can receive ANYTHING via the Web. I use Tiny Wall and love it.

  8. White list “every” program? First, that would take hours, second, the list would be enormous. How to do this?
