Polymorphic viruses are the reason why malware is on the rise…
By changing one small component of the malware, a whole new virus is born. These are known as polymorphic viruses. Unfortunately, detecting these viruses is incredibly difficult, because the malware keeps changing to avoid detection. Once the malware is identified by traditional anti-virus programs, it changes itself and becomes a new, undetected virus.
For traditional anti-virus programs, this is a problem because of how they detect malware. Most anti-virus programs use a blacklist approach: they keep a list of all the known bad programs and files and block those from running on your PC. However, as discussed above, polymorphic viruses are always changing, so the latest version is unknown to the list, which gives it the ability to bypass your anti-virus’s blacklisting technology.
One of the best ways to prevent this is to find anti-virus software that has whitelisting technology. That is, it uses a list of all the known good programs and allows only those to run. By taking this reverse approach, the anti-virus software is able to block polymorphic viruses effectively, because no matter what they change into, they are still not a known safe program.
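To make the difference between the two approaches concrete, here is a small simulation, added for this post and not taken from any anti-virus product: two hash-based scanners, one with a blocklist (blacklist) of known-bad file hashes and one with an allowlist (whitelist) of known-good file hashes, run against a "known bad" sample and several trivially mutated copies of it. The file contents, the `mutate` helper and the class names are all constructed for illustration; no real malware is involved.

```python
import hashlib

# Constructed sample "files": short byte strings standing in for program contents.
KNOWN_GOOD = {b"calc.exe-contents-v1", b"notepad.exe-contents-v2"}
KNOWN_BAD_ORIGINAL = b"dropper-contents-build-1"


def sha256(data: bytes) -> str:
    """Hex SHA-256 of the file contents; both scanners key their lists on this."""
    return hashlib.sha256(data).hexdigest()


class BlocklistScanner:
    """Traditional signature approach: deny only files whose hash is on the known-bad list."""

    def __init__(self, bad_samples):
        self.bad_hashes = {sha256(s) for s in bad_samples}

    def allows(self, data: bytes) -> bool:
        return sha256(data) not in self.bad_hashes


class AllowlistScanner:
    """Allowlist approach: permit only files whose hash matches a known-good entry."""

    def __init__(self, good_samples):
        self.good_hashes = {sha256(s) for s in good_samples}

    def allows(self, data: bytes) -> bool:
        return sha256(data) in self.good_hashes


def mutate(data: bytes, variant: int) -> bytes:
    """Stand-in for a polymorphic variant: the same content with one extra byte appended.
    Any change at all produces a different hash, which is the whole point."""
    return data + bytes([variant % 256])


def evaluate(num_variants: int = 5) -> dict:
    """Run both scanners over the original bad sample and its variants and tally outcomes."""
    block = BlocklistScanner([KNOWN_BAD_ORIGINAL])
    allow = AllowlistScanner(KNOWN_GOOD)
    variants = [mutate(KNOWN_BAD_ORIGINAL, i) for i in range(1, num_variants + 1)]
    return {
        # The blocklist does catch the exact sample it has a hash for...
        "blocklist_catches_original": not block.allows(KNOWN_BAD_ORIGINAL),
        # ...but every variant has a new hash, so the blocklist lets all of them run.
        "blocklist_missed_variants": sum(block.allows(v) for v in variants),
        # The allowlist never heard of the variants either, so it blocks every one.
        "allowlist_missed_variants": sum(allow.allows(v) for v in variants),
        # And the allowlist still lets the known-good programs run.
        "allowlist_runs_good": all(allow.allows(g) for g in KNOWN_GOOD),
    }


if __name__ == "__main__":
    for key, value in evaluate().items():
        print(f"{key}: {value}")
```

The cost of the allowlist shows up in the last line: every legitimate update to a good program changes its hash, so the known-good list has to be maintained as carefully as the known-bad list was. This is why application-control products typically key allow rules on the publisher's code-signing certificate or an install path rather than on raw file hashes alone.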
According to Softpedia, there was an 85.7% decrease in identifiable files per malware family, and a 99.1% decrease in identifiable malware in potentially unwanted applications from 2014 to 2015. They report:
“…this doesn’t mean that the file instances don’t exist, but the use of polymorphic distribution models makes detection of all variants much harder.”