Shapeshifting threats: Polymorphic & Metamorphic Malware

Early malware had fixed behaviours and byte signatures that could be used to track it, and each specimen's signature was characteristic of that specimen alone.

For example, the Melissa virus of 1999 was usually delivered as an email attachment and ran only when the user opened the attached .doc file.

It spread quickly due to mass emailing and incorporated a social engineering element. The subject of that email was always along the lines of [Important Message from {user}]. This was a very disruptive virus at that time.

The following year, 2000, an interesting virus popped up: ILOVEYOU. Like Melissa, it was also delivered via email attachment: LOVE-LETTER-FOR-YOU.TXT.vbs.

The emotional appeal of the name led many people to open it and fall victim. Once opened, it overwrote many files, images among them, and then renamed some file extensions to VBS, making those files executable as well.

These two viruses caused havoc, but they were not polymorphic: their code and behaviour were the same on every infected system, so antivirus products of the time could map them to a fixed signature.

Polymorphic malware cloaks the same malicious logic in different code on each infection, so a static scanner looking for a fixed byte pattern never sees the same bytes twice.

If you think this was strange, metamorphic malware took it a step further! It did not just change the cloak; it could rewrite the logic of the code entirely!

In summary, the key features of polymorphic malware are self-encryption and signature mutation. Metamorphic malware, in contrast, rewrites its logic across infections, for instance by adding junk code or substituting equivalent instructions, while always keeping the malicious intent.
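To make the distinction between the two families concrete from the scanner's side, here is an added toy model (not from the original post, and not real malware): the "program" is a constructed list of pseudo-instruction strings, the "cloak" is a one-byte XOR, and the "rewrite" is junk-instruction insertion plus operand swapping on a commutative instruction. It shows why a byte-for-byte signature fails against both kinds of variant, and that a scanner can still match the polymorphic copy after decoding it (as an emulator or unpacker would) and the metamorphic copy after normalizing it. All names (`PAYLOAD`, `JUNK`, `decloak`, `normalize`, `demo`) are this example's own.

```python
import hashlib
import random

# Constructed pseudo-program standing in for a malicious payload; the
# strings are not real machine code and do nothing when "run".
PAYLOAD = ["load a", "load b", "add a b", "store c", "halt"]
JUNK = "nop"  # constructed do-nothing instruction used as junk code


def static_signature(lines):
    """Hash over the exact bytes a byte-for-byte scanner would see."""
    return hashlib.sha256("\n".join(lines).encode()).hexdigest()


# --- Polymorphism: same logic, different cloak on every copy ---------

def xor_bytes(data, key):
    return bytes(b ^ key for b in data)


def polymorphic_variant(program, key):
    """Store the program XOR-encoded under a one-byte key, with the key
    in front (a stand-in for the per-copy decryptor stub). Two copies
    made with different keys share no bytes beyond chance, yet both
    decode to the same program."""
    if not 1 <= key <= 255:
        raise ValueError("key must be 1..255")
    return bytes([key]) + xor_bytes("\n".join(program).encode(), key)


def decloak(blob):
    """What an emulation or unpacking step recovers before matching."""
    return xor_bytes(blob[1:], blob[0]).decode().split("\n")


# --- Metamorphism: logic rewritten, intent kept ----------------------

def metamorphic_variant(program, rng):
    """Rewrite the program: insert junk instructions at random (at
    least one) and randomly swap the operands of the commutative 'add'.
    The result computes the same thing as the original."""
    out = []
    for ins in program:
        if rng.random() < 0.5:
            out.append(JUNK)
        parts = ins.split()
        if parts[0] == "add" and rng.random() < 0.5:
            parts[1], parts[2] = parts[2], parts[1]
        out.append(" ".join(parts))
    out.insert(rng.randrange(len(out) + 1), JUNK)  # guarantee one change
    return out


def normalize(program):
    """Undo the rewrites the scanner knows about: drop junk and put the
    operands of commutative instructions in a canonical order."""
    out = []
    for ins in program:
        if ins == JUNK:
            continue
        parts = ins.split()
        if parts[0] == "add":
            parts[1:] = sorted(parts[1:])
        out.append(" ".join(parts))
    return out


def demo(seed=2024):
    """Report which signature strategies still match the known-bad hash."""
    rng = random.Random(seed)
    known_bad = static_signature(PAYLOAD)
    key_a, key_b = rng.sample(range(1, 256), 2)  # two distinct keys
    poly_a = polymorphic_variant(PAYLOAD, key_a)
    poly_b = polymorphic_variant(PAYLOAD, key_b)
    meta_a = metamorphic_variant(PAYLOAD, rng)
    meta_b = metamorphic_variant(PAYLOAD, rng)
    return {
        # the raw bytes of two polymorphic copies are not identical
        "poly_raw_identical": poly_a == poly_b,
        # but the recovered payload hashes to the known signature
        "poly_decloaked_match": all(
            static_signature(decloak(p)) == known_bad for p in (poly_a, poly_b)),
        # the rewritten program no longer hashes to the known signature
        "meta_raw_match": static_signature(meta_a) == known_bad,
        # after normalization it does again
        "meta_normalized_match": all(
            static_signature(normalize(m)) == known_bad for m in (meta_a, meta_b)),
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

The practical lesson is the asymmetry: the polymorphic case is handled by getting past a single, fixed decoding layer, whereas the metamorphic case only normalizes cleanly because the scanner knows every rewrite rule in use, which is why the post's later point about metamorphic malware needing ongoing reactive methods holds.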

Despite all the above, there are proven methods for handling such malware, especially polymorphic variants, such as keeping software up to date and maintaining data backups. Metamorphic variants require ongoing reactive methods, and even these are not foolproof; more stringent measures are needed. That is a whole document on its own, and we’ll delve into it another time.

By Loctovia

AI images used here…
