What is it?
polymorphic malware is unique permutations of similar malicious code
launched via multiple infection sources in quick succession. It has
become the most popular email-borne malware type because it effectively
manages to circumvent most existing anti-virus engines.
How does it work?
is circulated with slightly modified attributes to make it undetectable
by signature- and behavior-based anti-virus and intrusion-detection
defenses. This exploits the “real-time” vulnerability inherent in
traditional anti-virus solutions, which must
propagate a solution for each variation.
Should I be worried?
an outbreak of server-side polymorphic malware, the hourly/daily volume
of unique variants is high and typically overwhelms traditional
anti-virus solutions. Because the number of samples per variant is
typically low, it can be difficult to track them to
analyze/develop/propagate a response in time.
How can I prevent it?
response is critical. Your solution should “block first and ask
questions later,” examining active outbreaks and preventing them before
they enter your network. If you depend on a system that propagates
responses before acting, it may be too late.
Threat of the Month: Malware
From the - October 2007 Issue of SCMagazine »