What is polymorphism?

A lot of antivirus and other internet security programs use patterns and other criteria to create definitions that they use recognize viruses, worms, and other types of malicious software (or “malware”). But there’s a tactic that cybercriminals can use to prevent their malicious code from being detected, called “polymorphism”. Think of polymorphic malware as shape-shifting. It uses a polymorphic engine to make the code mutate each time it runs, while keeping the original purpose of the malware the same. If a security program relies solely on definitions to detect malware, it won’t be able to stop polymorphic variants, which can self-replicate endlessly, changing just enough to avoid matching the definition each time.

The best way to stay safe from polymorphic threats is with a security solution that detects malware using behavioral analysis or heuristics, not definitions. In the case of behavior-based detection, the security software would look at a file’s behavior, not just its code, to see if it behaved like a virus, even if it didn’t match any definitions of previously identified malware. Meanwhile, heuristic analysis would examine all the components of a file to identify those that a threat might share, rather than trying to run a one-to-one match-up with existing definitions.

As always, we highly recommend installing internet security software on all your devices (mobile phones too, where applicable); keep your software and operating systems up to date; avoid risky behavior online like sharing personal information and downloading files and applications from untrusted sources; and use a backup solution so you can recover your important files if something goes wrong.

Find the right cybersecurity solution for you.