Mechanisms of Polymorphic and Metamorphic Viruses

2011 
Malware is generally accepted as one of the top security threats to computer systems around the globe. As malware evolves at a tremendous pace and demonstrates new ways to exploit, infect and victimize the computer systems of enterprises and businesses, remaining economically viable is becoming increasingly difficult. New trends in malware development focus on the use of complex and sophisticated code to obstruct analysis and to spoof contemporary anti-virus scanners. Polymorphic and metamorphic viruses use obfuscation techniques to obstruct deep static analysis and defeat dynamic emulators. Malware may also employ metamorphism-based methods, including encryption and decryption engines, multi-packers, garbage code insertion, instruction permutation, code transformation, anti-debugging and virtual machines, registry modification and polymorphic engines. The structural mechanisms of both polymorphic and metamorphic viruses are presented and discussed in this paper. Finally, new complex computer viruses such as W32/Fujacks and W32/Vundo are examined as well.
17 references, 32 citations