Polymorphic engine
Encyclopedia
A polymorphic engine is a computer program
that can be used to transform another program into a version that consists of different code with the same functionality. A typical polymorphic engine works by encrypting
the target program in various ways and providing a decryption module that can vary widely.
Polymorphic engines are mainly used by computer virus
es. In this case, the function of the polymorphic engine is to make it difficult for virus scanners to detect and identify the virus. The virus uses the polymorphic engine to encrypt itself in a different way for each program that it infects. As a consequence, it is impossible to detect the virus by searching for a fixed signature in program files, because every part of the encrypted virus is subject to change.
The first polymorphic engine was called MtE (short for Mutation Engine). It was written in 1992 by a virus author who called himself 'Dark Avenger
'.
Computer program
A computer program is a sequence of instructions written to perform a specified task with a computer. A computer requires programs to function, typically executing the program's instructions in a central processor. The program has an executable form that the computer can use directly to execute...
that can be used to transform another program into a version that consists of different code with the same functionality. A typical polymorphic engine works by encrypting
Encryption
In cryptography, encryption is the process of transforming information using an algorithm to make it unreadable to anyone except those possessing special knowledge, usually referred to as a key. The result of the process is encrypted information...
the target program in various ways and providing a decryption module that can vary widely.
Polymorphic engines are mainly used by computer virus
Computer virus
A computer virus is a computer program that can replicate itself and spread from one computer to another. The term "virus" is also commonly but erroneously used to refer to other types of malware, including but not limited to adware and spyware programs that do not have the reproductive ability...
es. In this case, the function of the polymorphic engine is to make it difficult for virus scanners to detect and identify the virus. The virus uses the polymorphic engine to encrypt itself in a different way for each program that it infects. As a consequence, it is impossible to detect the virus by searching for a fixed signature in program files, because every part of the encrypted virus is subject to change.
The first polymorphic engine was called MtE (short for Mutation Engine). It was written in 1992 by a virus author who called himself 'Dark Avenger
Dark Avenger
Dark Avenger was a pseudonym of a computer virus writer from Sofia, Bulgaria. He gained considerable popularity during the early 1990s, as some of his viruses spread not only nationwide, but across Europe as well, even reaching the United States....
'.
External links
- http://vx.netlux.org/lib/static/vdat/epmtervw.htm