
Polymorphic & Metamorphic Malware


POLYMORPHIC & METAMORPHIC MALWARE
Presentation By: Shashank M (20221LCC0002)
Introduction
• Malware: Malicious software designed to infiltrate systems, steal data, or disrupt operations.
• Evolution of Malware: Traditional malware is easily detectable due to its static nature.
• Polymorphic and Metamorphic Malware: Advanced techniques that make malware more elusive and challenging to detect.
Polymorphic Malware
• Malware that changes its code but retains its original functionality each time it propagates or executes.
• How It Works:
• The use of encryption or obfuscation to hide the malicious payload.
• Role of decryption routines that change dynamically.
Key Techniques:
• Code encryption with changing keys.
• Mutation engines that alter code appearance during execution or propagation.
• Example: The "Storm Worm" and its evasion techniques.
Detection Challenges:
• Signature-based detection fails due to frequent code changes.
• High resource demands for dynamic analysis of every sample.
• Example: Difficulty in detecting polymorphic ransomware.
Metamorphic Malware
• Malware that rewrites its own code with each iteration, creating functionally equivalent but syntactically different versions.
How It Works:
• Self-rewriting algorithms to mutate the entire codebase.
• Elimination of static patterns through register renaming, code substitution, and junk code insertion.
Key Techniques:
• Code obfuscation and recompilation.
• Advanced mutation engines for complete transformation.
• Example: "Zmist" or "Simile" and their rewriting abilities.
Detection Challenges:
• Fails static and heuristic analysis due to complete code changes.
• Requires sophisticated behavior-based analysis techniques.
• Real-world impact on antivirus engines.
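
Added example, not part of the original slides: a Python sketch contrasting an exact hash signature with a behavior rule evaluated over sandbox event traces, for two variants whose bytes differ. The sample bytes, event names, and the rule are constructed for illustration and are assumptions, not output of any real tool.

```python
import hashlib

# Constructed data: opaque bytes stand in for file contents, and the event
# names are hypothetical labels a sandbox might emit. Nothing here is real malware.
SAMPLES = {
    "variant_a": (b"constructed-body-A",
                  ["file_enum", "crypto_init", "file_read", "file_write", "file_delete"]),
    "variant_b": (b"constructed-body-B-mutated",
                  ["sleep", "file_enum", "registry_read", "crypto_init",
                   "file_read", "file_write", "sleep", "file_delete"]),
    "backup_tool": (b"constructed-benign-body",
                    ["file_enum", "file_read", "crypto_init", "file_write"]),
}

# Signature database built from the one variant seen so far.
KNOWN_HASHES = {hashlib.sha256(SAMPLES["variant_a"][0]).hexdigest()}

# Behavior rule: these events must occur in this order; unrelated events may
# be interleaved, so padding the trace with extra actions does not break it.
RULE = ["file_enum", "crypto_init", "file_write", "file_delete"]


def hash_signature_match(body, known_hashes):
    """Static check: exact SHA-256 of the file contents."""
    return hashlib.sha256(body).hexdigest() in known_hashes


def behavior_match(trace, rule):
    """True if every rule step appears in the trace, in order (gaps allowed)."""
    events = iter(trace)
    return all(step in events for step in rule)


def scan(samples, known_hashes, rule):
    """Return {name: (hash_hit, behavior_hit)} for each sample."""
    return {
        name: (hash_signature_match(body, known_hashes), behavior_match(trace, rule))
        for name, (body, trace) in samples.items()
    }


if __name__ == "__main__":
    for name, (h, b) in scan(SAMPLES, KNOWN_HASHES, RULE).items():
        print(f"{name:12} hash_signature={h!s:5} behavior_rule={b}")
```

The constructed backup_tool trace shares three of the four rule events and is separated only by the final step, which is where loosely written behavior rules start producing false positives.
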
Comparison of Polymorphic and Metamorphic Malware

| Feature | Polymorphic Malware | Metamorphic Malware |
|---|---|---|
| Code Alteration | Limited to encryption/obfuscation | Full rewriting of code |
| Complexity | Relatively simpler to implement | Requires advanced algorithms |
| Detection | Dynamic analysis can be effective | Behavior-based detection is critical |
| Example | Storm Worm, CryptoLocker | Zmist, Simile |
Polymorphic Malware Example
• "CryptoLocker" ransomware: Encryption techniques and evasion capabilities.
Metamorphic Malware Example
• "Zmist Virus": Full code mutation and impacts on detection systems.
Challenges:
• High false-positive rates in ML-based systems.
• Computational overhead in analyzing large volumes of data.
Conclusion and Future Outlook
Summarize the threats posed by polymorphic and metamorphic malware.
Importance of advancing detection techniques to outpace malware evolution.
Emphasize the need for global collaboration in cybersecurity research.
THANK YOU
Presented By: Shashank M (20221LCC0002)
