What is the difference between metamorphic and polymorphic viruses




















Can someone provide an example of polymorphic code either through a link or in an answer? Thank you.

Metamorphic code is a quine. It must deal with auto-reference. Polymorphic code is generated by a polymorphic engine.

In short, you can think of both as two parts: a) code that changes other code, b) code that does the real work. The difference is only in the first part, a: for metamorphic, such a part must be able to change itself; for polymorphic code the text in parentheses must be added. Also from the same page in Wikipedia: "This differs from polymorphic code, where the polymorphic engine can not rewrite its own code."

MargaretBloom - Thanks for your answer! Can you think of any resources showing how to write a simple polymorphic engine or metamorphic code? Googling around, it seems both topics are a bit of a taboo or somewhat unpopular.

I don't, but this answer has some on-topic links. Especially this one.

While all malware is inherently malicious, though, there are different types of malware, including polymorphic and metamorphic.

Encryption keys are used to encrypt data. Polymorphic malware leverages an encryption key so that it can change its data, or more specifically, its code. There are polymorphic viruses, and there are metamorphic viruses. Both types of viruses morph while they spread. Metamorphic viruses, as well as other types of metamorphic malware, simply rewrite their code. Only polymorphic malware uses an encryption key.

A polymorphic virus is a complicated computer virus. It is encrypted with a variable encryption key, so each copy of the virus is different from the others. In other words, it is a self-encrypted virus designed to avoid detection by antivirus software or scanners.

Assume that one user goes to a website and downloads an executable file. Then another user goes to the same link and downloads the same executable file. The two users receive different files. The attack code is located inside the file. Even though the attack code is the same, it is encrypted with a different key each time. It is possible to recognize that both are the same by decrypting the attack code.

Therefore, a polymorphic virus is difficult to detect using scanners and antivirus software. Polymorphic viruses can be detected using two techniques. They are the entry point algorithm and the generic description technology. The entry point algorithm uses a special virus detection program to check the machine code at the entry point of each file.
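The two-downloads scenario above, seen from the scanner's side, as an added example that is not part of the original page. It assumes single-byte XOR as a toy stand-in for the variable-key encryption and a constructed, inert ASCII string in place of the attack code; it also goes one step beyond the text by matching on adjacent-byte XOR differences, which stay the same under any one-byte XOR key, so no decryption is needed.

```python
import hashlib

# Constructed, inert stand-in for the "attack code": plain ASCII, not executable.
BODY = b"CONSTRUCTED-INERT-BODY: same bytes in every copy"
SIGNATURE = b"INERT-BODY"  # pattern the scanner knows from one analysed copy


def xor_bytes(data: bytes, key: int) -> bytes:
    """Single-byte XOR (assumed toy cipher); the same call encrypts and decrypts."""
    return bytes(b ^ key for b in data)


def sha256_hex(data: bytes) -> str:
    """Whole-file hash, the kind of signature that breaks when the key changes."""
    return hashlib.sha256(data).hexdigest()


def scan_by_decryption(sample: bytes, signature: bytes = SIGNATURE):
    """Try every one-byte key; return the key whose plaintext holds the signature."""
    for key in range(256):
        if signature in xor_bytes(sample, key):
            return key
    return None


def deltas(data: bytes) -> bytes:
    """XOR of each adjacent byte pair; a constant XOR key cancels out of it."""
    return bytes(a ^ b for a, b in zip(data, data[1:]))


def scan_key_invariant(sample: bytes, signature: bytes = SIGNATURE) -> bool:
    """Match the signature without decrypting, via the key-independent deltas."""
    return deltas(signature) in deltas(sample)


# Two constructed "downloads" of the same body under different keys, plus a clean file.
copy_a = xor_bytes(BODY, 0x5A)
copy_b = xor_bytes(BODY, 0xC3)
clean = b"An ordinary file that carries no copy of the constructed body."

if __name__ == "__main__":
    print("whole-file hashes equal:", sha256_hex(copy_a) == sha256_hex(copy_b))
    for name, data in (("copy_a", copy_a), ("copy_b", copy_b), ("clean", clean)):
        print(name, "key:", scan_by_decryption(data),
              "key-invariant match:", scan_key_invariant(data))
```
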


