What is it?
Server-side polymorphic malware is unique permutations of similar malicious code launched via multiple infection sources in quick succession. It has become the most popular email-borne malware type because it effectively manages to circumvent most existing anti-virus engines.

How does it work?
It is circulated with slightly modified attributes to make it undetectable by signature- and behavior-based anti-virus and intrusion-detection defenses. This exploits the “real-time” vulnerability inherent in traditional anti-virus solutions, which must
propagate a solution for each variation.

Should I be worried?
With an outbreak of server-side polymorphic malware, the hourly/daily volume of unique variants is high and typically overwhelms traditional anti-virus solutions. Because the number of samples per variant is typically low, it can be difficult to track them to analyze/develop/propagate a response in time.

How can I prevent it?
Real-time response is critical. Your solution should “block first and ask questions later,” examining active outbreaks and preventing them before they enter your network. If you depend on a system that propagates responses before acting, it may be too late.

Source: Commtouch