CompTIA Security+ (Plus): What Is the Technique Called When Malware Changes Its Code Structure to Evade Detection?

What is polymorphic malware and how does it evade signature-based detection? Learn how polymorphism enables malware to change its code structure with each execution, making it difficult for traditional antivirus tools to detect—essential for CompTIA Security+ (Plus) SY0-701 exam success.

Question

Malware changes its code structure every time it executes to avoid signature-based detection. What is this technique called?

A. Obfuscation
B. Code injection
C. Polymorphism
D. Process hollowing
E. Time bomb

Answer

C. Polymorphism

Explanation

This makes detection harder, since each instance looks different.

The technique where malware changes its code structure every time it executes to avoid signature-based detection is called polymorphism.

Polymorphic malware automatically modifies its code or appearance each time it runs, replicates, or spreads, generating a unique version with each instance while preserving its malicious function.

This is achieved using a polymorphic engine that encrypts, obfuscates, or mutates the malware’s code, so each infection looks different to signature-based detection systems.

Techniques include dynamic encryption keys, dead-code insertion, subroutine reordering, and register swapping, all of which change the malware’s signature without altering its behavior.

Because each variant appears unique, traditional antivirus tools that rely on static signatures struggle to detect polymorphic malware. As a result, more advanced detection methods, such as heuristic and behavior-based analysis, are required.

Polymorphism is distinct from obfuscation, which simply hides code, and from metamorphism, which rewrites the entire codebase for each iteration.

Polymorphism allows malware to change its code structure with every execution, making detection by signature-based security tools much more difficult.

CompTIA Security+ (Plus) SY0-701 certification exam practice question and answer (Q&A) dump with detailed explanation and reference, available free, helpful for passing the CompTIA Security+ (Plus) SY0-701 exam and earning the CompTIA Security+ (Plus) SY0-701 certification.