The threat of a cyber-attack is a serious concern for many organizations. Both large enterprises and SMBs can become victims of these devastating attacks. Malware is consistently one of the largest cyber threats. Symantec’s 2017 Internet Security Threat Report found that 1 in every 131 emails sent contained malware, and that 357 million new malware variants were discovered in 2016.


The biggest challenge is that threats are constantly evolving and increasing in number, making it difficult for security solutions to keep up. Malware that evolves in this way is called metamorphic or polymorphic malware. These types of malware are a significant threat to businesses because they are undetectable by the signature-based security systems that most organizations rely upon.

What is Polymorphic Malware and Metamorphic Malware?

Both metamorphic and polymorphic malware are types of malware that slightly change and evolve to slip past security defenses. How they change is what differentiates the two.

Polymorphic Malware

Polymorphic malware is defined by TechTarget as “harmful, destructive, or intrusive computer software such as a virus, worm, Trojan, or spyware that constantly changes, making it difficult to detect with anti-malware programs”. It usually contains two different components, one of which stays the same, while the other changes its code slightly to evade anti-virus solutions. These changes can occur through compression or encryption of the code utilizing different keys. Although the code may look different with each iteration of polymorphic malware, the main function remains the same.

Polymorphic malware makes slight code changes to evade standard signature-based email security systems.
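The two-component structure described above can be shown with inert data. This is an added example, not code from the original article: the stub marker, the one-byte XOR key layout, and all function names are assumptions made for illustration. It shows that a whole-file hash signature matches only the variant it was taken from, while a signature on the unchanging component matches every variant.

```python
import hashlib

# Constructed, inert data: a fixed marker standing in for the unchanging
# component, and a harmless text body standing in for the changing one.
STUB = b"\x90DEMO-LOADER-v1\x90"
BODY = b"harmless demo body: same function in every variant"

def xor(data: bytes, key: int) -> bytes:
    return bytes(b ^ key for b in data)

def build_sample(key: int) -> bytes:
    """Toy layout (assumption): stub | 1-byte key | body XOR-ed with key."""
    return STUB + bytes([key]) + xor(BODY, key)

def decode_body(sample: bytes) -> bytes:
    key = sample[len(STUB)]
    return xor(sample[len(STUB) + 1:], key)

def file_hash(sample: bytes) -> str:
    return hashlib.sha256(sample).hexdigest()

def common_prefix(samples: list[bytes]) -> bytes:
    """Bytes shared at the start of every sample (the invariant component)."""
    lo, hi = min(samples), max(samples)
    n = 0
    while n < len(lo) and lo[n] == hi[n]:
        n += 1
    return lo[:n]

def demo() -> dict:
    known = [build_sample(k) for k in (0x21, 0x5A, 0xC3)]
    unseen = build_sample(0x7E)              # variant not seen before
    clean = b"ordinary document text, no marker"
    blocklist = {file_hash(known[0])}        # signature = hash of one variant
    invariant = common_prefix(known)         # signature = the stable bytes
    return {
        "distinct_hashes": len({file_hash(s) for s in known + [unseen]}),
        "hash_hits": [file_hash(s) in blocklist for s in known + [unseen]],
        "same_body": all(decode_body(s) == BODY for s in known + [unseen]),
        "invariant": invariant,
        "invariant_hits": [invariant in s for s in known + [unseen, clean]],
    }

if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```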

Metamorphic Malware Definition

Metamorphic malware completely rewrites its code with every iteration, making it even harder to detect than polymorphic malware. As with polymorphic malware, the essential function of the malware remains the same even as the code itself changes. The longer this malware remains in a computer or device, the more iterations it creates, each one getting increasingly complicated. This constant change makes it nearly impossible for anti-virus solutions to detect, quarantine, and eliminate.

Metamorphic malware completely rewrites its code with every propagation, making it nearly impossible for anti-virus solutions to detect, quarantine, and eliminate.

Metamorphic malware automatically recodes itself with every propagated distribution, essentially removing any type of signature that traditional systems would look for. It uses a variety of code transformation techniques including:

  • Register renaming
  • Code permutation
  • Code expansion
  • Code shrinkage
  • Garbage code insertion

Remember Ransomware is Malware

In cybersecurity, ransomware is often touted as the biggest threat to organizations, but remember that ransomware is just a subset of malware.