Polymorphic viruses - what is it and how to deal with them?

We are all aware of the dangers of malware, especially on the web. Dedicated protection programs against the various threats cost good money, but is there any sense in this expense? Let us consider the most common ways in which storage media and systems become infected, and in particular the most dangerous of them: polymorphic viruses.


What "infection" means

By analogy with medicine, computer systems are treated as separate "organisms" that can catch an "infection" while interacting with the surrounding digital environment: from the Internet or through the use of unverified removable media. Hence the name of most malware: viruses. When they first appeared, polymorphic viruses served as entertainment for specialists, something like a test of their own abilities and of the protection of particular computer systems and network resources. Now hackers have moved from mischief to openly criminal activity, largely because of the globalization of digital banking systems, which opened access to electronic wallets from almost anywhere in the world. Information itself, which virus authors now also hunt, has become more accessible, and its value has increased tens and hundreds of times compared with the pre-digital era.


Description and history of occurrence

Polymorphic viruses, as the name suggests, are able to change their own code each time they create a copy of themselves. As a result, a propagated virus cannot be detected by antivirus engines with a single byte mask (signature) and caught in full by a simple scan pass. The first virus with the technology to alter its own code appeared back in 1990 under the name Chameleon. Virus-writing technique developed a little later with the arrival of polymorphic code generators, one of which, called Trident Polymorphic Engine, was distributed with detailed instructions through BBS archives. Over time the technology of polymorphism has not undergone major changes, but other ways of hiding malicious actions have appeared.

Virus spread

In addition to mail systems, which are popular with spammers and virus writers, mutating viruses can reach a computer together with downloaded files when infected Internet resources are visited via special links. Infected duplicates of well-known sites can be used for infection. Removable storage media, usually rewritable ones, can also become a source of infection, since they may contain infected files that the user launches himself. An installer's request to temporarily disable antivirus software should be a signal to the user, at the very least, to deep-scan the files being launched. Automatic spread of viruses is possible when attackers find flaws in security systems; such implementations are usually aimed at particular types of networks and operating systems. The popularity of office software has also attracted the attention of cybercriminals, resulting in special infected macros. Such virus programs have a serious drawback: they are "tied" to the file type, so macro viruses from Word files cannot interact with Excel spreadsheets.

Types of polymorphism

Polymorphic constructions are divided into several groups according to the complexity of the algorithms used. Oligomorphic ones, the simplest, encrypt their own code with constant keys, so even a lightweight antivirus can compute the key and neutralize them. Next come variants that use several different encryption instructions and insert "empty" (junk) code; to detect such viruses, security programs must be able to filter out the junk commands.


Viruses that change their own structure without losing functionality, and that also implement other low-level encryption techniques, already pose serious difficulties for antivirus detection. Incurable polymorphic viruses, built from program blocks, can write parts of their code to various places in the infected file. Such viruses in fact do not need "empty" code at all, since they use the executable code of the infected files themselves. Fortunately for users and antivirus developers, writing such viruses requires serious knowledge of assembler and is within reach only of very high-level programmers.
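To make the three detection situations above concrete (a fixed mask that no longer matches, an oligomorphic body encrypted with a constant key, and junk code that has to be filtered out before matching), here is a toy scanner. It is an added example written for this page, not code from the article or from any antivirus product. The "signature" is an arbitrary marker string constructed for the demo, the set of bytes treated as junk filler is an assumption of the toy model, and the four sample "bodies" are built inline; no real malware is involved.

```python
"""
Toy scanner: shows why a single byte mask fails against junk-padded and
constant-key (oligomorphic) encrypted bodies, and what a scanner has to do
before matching. All inputs are constructed for the demonstration.
"""
from typing import Dict, Optional

# Constructed signature: the byte mask a scanner would look for in a decrypted body.
SIGNATURE = b"MARKER-BODY-0001"

# Byte values this toy treats as junk filler ("empty" instructions). Assumption for the demo.
JUNK_BYTES = frozenset({0x90, 0x00})


def plain_mask_match(sample: bytes) -> bool:
    """Naive detection: the mask must appear verbatim in the sample."""
    return SIGNATURE in sample


def strip_junk(sample: bytes) -> bytes:
    """Drop filler bytes so interleaved junk cannot break the mask."""
    return bytes(b for b in sample if b not in JUNK_BYTES)


def xor_with_key(data: bytes, key: int) -> bytes:
    """Single-byte XOR: the constant-key encryption of the oligomorphic case."""
    return bytes(b ^ key for b in data)


def find_constant_key(sample: bytes) -> Optional[int]:
    """Try every non-zero single-byte key; return the one under which the mask appears.

    Key 0 means 'not encrypted' and is already covered by the plain mask."""
    for key in range(1, 256):
        if SIGNATURE in xor_with_key(sample, key):
            return key
    return None


def scan(sample: bytes) -> Dict[str, object]:
    """Run the naive mask, the junk-filtered mask and the key search; report what fired."""
    cleaned = strip_junk(sample)
    key = find_constant_key(sample)
    if key is None:
        key = find_constant_key(cleaned)
    filtered_hit = plain_mask_match(cleaned)
    return {
        "plain_match": plain_mask_match(sample),
        "junk_filtered_match": filtered_hit,
        "constant_key": key,
        "detected": filtered_hit or key is not None,
    }


def make_samples() -> Dict[str, bytes]:
    """Constructed variants of one body, each mimicking a technique from the text."""
    head, tail = b"\x10\x20", b"\x30\x40"
    # Junk insertion: a filler byte after every real byte breaks the contiguous mask.
    padded = b"".join(bytes([b, 0x90]) for b in SIGNATURE)
    # Constant-key encryption with key 0x5A (the oligomorphic case).
    encrypted = xor_with_key(SIGNATURE, 0x5A)
    # Block permutation: the body is split into two blocks that are swapped.
    half = len(SIGNATURE) // 2
    permuted = SIGNATURE[half:] + SIGNATURE[:half]
    return {
        "plain": head + SIGNATURE + tail,
        "junk_padded": head + padded + tail,
        "oligomorphic": head + encrypted + tail,
        "permuted": head + permuted + tail,
    }


if __name__ == "__main__":
    for name, body in make_samples().items():
        print(f"{name:12s} {scan(body)}")
```

The plain and junk-padded samples are caught by the mask once filler is removed; the oligomorphic sample is caught only because the scanner is willing to try all 256 keys, which is why the text calls that case cheap to neutralize. The permuted sample defeats every check here: once the body is rearranged without losing function, a contiguous mask has nothing to match, and a real engine has to fall back on emulation or behavioural analysis rather than byte patterns.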


Goals, objectives and principle of action

Virus code inside a network worm is a major threat because, beyond the speed of spread, it damages data and infects system files. A polymorphic head in a worm, or in the core of its program code, makes it easier to bypass the protective measures on a computer. Viruses can have various goals, from simple theft to complete destruction of data on permanent storage, as well as disruption and complete destabilization of the operating system. Some virus programs hand control of the computer to cybercriminals, who can openly or covertly launch other programs, connect to paid network resources, or simply transfer files. Others are able to "settle" quietly in RAM and monitor the running applications, looking for suitable files to infect or simply interfering with the user's work.


Security methods

Installing an antivirus is mandatory for any computer connected to a network, since operating systems are unable to protect themselves from malicious programs on their own, except for the simplest ones. Timely database updates and regular file checks, in addition to continuous monitoring of the system, also help to recognize an infection in time and eliminate its source. On outdated or weak computers, you can today install a lightweight antivirus that keeps its virus databases in the cloud. The choice of such programs is very wide, all of them are effective to varying degrees, and the price of antivirus software is not always an indicator of its reliability. A definite plus of paid programs is active user support and frequent database updates; however, some free alternatives also respond promptly to the appearance of new virus signatures on the network.

Source: https://habr.com/ru/post/C18012/
