Polymorphic engine


A polymorphic engine (sometimes called a mutation engine or mutating engine) is a computer program that can be used to transform a program into a subsequent version that consists of different code yet operates with the same functionality. For example, 3+1 and 6-2 both achieve the same result, yet use completely different code.

Polymorphic engines typically work either by encrypting code or by obfuscating it; obfuscation may not involve any encryption at all.

Polymorphic engines are used almost exclusively by computer viruses, shellcodes and other malware. Their main purpose is to make it hard for virus scanners and other security software to detect and identify the body of the malware, as traditional "fixed signatures" cannot usually be used.
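The following added example (not part of the original article) uses the article's own `3+1` / `6-2` pair to show why a fixed, byte-level signature stops matching once equivalent code is written differently. It also shows one defensive response, which is an assumption beyond the article's text: normalizing the code (here, constant folding) before computing the signature. All function names and the sample expressions are constructed for illustration.

```python
import ast
import hashlib
import operator

# Constructed samples: the article's "3+1" / "6-2" pair plus two more variants.
VARIANTS = ["3+1", "6-2", "(10-8)*2", "2+2+0"]

_OPS = {ast.Add: operator.add, ast.Sub: operator.sub, ast.Mult: operator.mul}


def fixed_signature(source: str) -> str:
    """Byte-level signature: hash of the code exactly as written."""
    return hashlib.sha256(source.encode()).hexdigest()


def fold(node: ast.AST) -> ast.AST:
    """Constant-fold integer +, -, * so equivalent forms converge."""
    if isinstance(node, ast.BinOp) and type(node.op) in _OPS:
        left, right = fold(node.left), fold(node.right)
        both_const = isinstance(left, ast.Constant) and isinstance(right, ast.Constant)
        if both_const and isinstance(left.value, int) and isinstance(right.value, int):
            return ast.Constant(value=_OPS[type(node.op)](left.value, right.value))
        return ast.BinOp(left=left, op=node.op, right=right)
    return node


def normalized_signature(source: str) -> str:
    """Signature over the folded expression tree rather than the raw text."""
    tree = ast.parse(source, mode="eval")
    canonical = ast.dump(fold(tree.body))
    return hashlib.sha256(canonical.encode()).hexdigest()


def compare(variants):
    """Return (distinct byte-level signatures, distinct normalized signatures)."""
    raw = {fixed_signature(v) for v in variants}
    norm = {normalized_signature(v) for v in variants}
    return len(raw), len(norm)


if __name__ == "__main__":
    raw_count, norm_count = compare(VARIANTS)
    print(f"byte-level signatures: {raw_count}, normalized signatures: {norm_count}")
```

Each textual variant yields its own byte-level hash, while the normalized form yields a single signature for all four; an expression with a different result still gets a different normalized signature.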

The first polymorphic engine was called MtE (short for Mutation Engine). It was written in 1992 by a virus author who called himself 'Dark Avenger'.

A polymorphic packer is a type of polymorphic engine. It is a software tool that rolls up several kinds of malware into a single package, such as an e-mail attachment, and has the ability to make its "signature" mutate over time, so it is more difficult to detect and remove.

See also