Gary Watson
Data Plus
May 1992
A polymorphic virus is a type of encrypted virus. Let's talk about those first. Many anti-virus programs rely on what we call a "scanner", which looks for an unusual sequence of machine language instructions or other unique data that indicates that a given virus is present. To defeat this, virus writers started encrypting their viruses by (for example) exclusive-or'ing the body of the virus with a random number. This obfuscates the unique string of bytes. So, programs like McAfee's scan had to do one of two things: look for the decryption routine (which cannot itself be encrypted, since the 808x microprocessor would fail to execute it); or attempt to decrypt the body of the virus and look for the unique string of bytes in the body of the virus.
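The second scanner strategy above (decrypt the body, then look for the unique bytes) can be sketched as follows. This is an added example, not code from the original article or from any scanner product; it assumes a one-byte XOR key, and `SIGNATURE`, `STUB` and `make_sample()` are harmless constructed stand-ins.

```python
# Added example; SIGNATURE, STUB and make_sample() are constructed for illustration.
SIGNATURE = b"EXAMPLE-SIGNATURE-0001"  # harmless stand-in for a virus's unique byte string
STUB = bytes(range(8))                 # stand-in for the unencrypted decryption routine


def xor_bytes(data: bytes, key: int) -> bytes:
    """XOR every byte of data with a one-byte key (assumed key width)."""
    return bytes(b ^ key for b in data)


def make_sample(key: int) -> bytes:
    """Constructed file image: plain stub followed by an XOR-encrypted body."""
    body = b"host-data:" + SIGNATURE + b":end"
    return STUB + xor_bytes(body, key)


def plain_scan(buf: bytes, sig: bytes = SIGNATURE) -> int:
    """Classic scanner: offset of the signature in buf, or -1."""
    return buf.find(sig)


def xor_delta(data: bytes) -> bytes:
    """Return data[i] ^ data[i+1] for each adjacent pair.

    A constant one-byte key cancels: (a ^ k) ^ (b ^ k) == a ^ b, so the
    delta of an encrypted body equals the delta of the plaintext body.
    """
    return bytes(a ^ b for a, b in zip(data, data[1:]))


def xor_aware_scan(buf: bytes, sig: bytes = SIGNATURE):
    """Find sig in buf even when XORed with an unknown one-byte key.

    Returns (offset, key), or None if absent. key == 0 means unencrypted.
    """
    if len(sig) < 2 or len(buf) < len(sig):
        return None
    pos = xor_delta(buf).find(xor_delta(sig))
    if pos < 0:
        return None
    # Matching deltas plus one known byte fix the key for the whole window.
    return pos, buf[pos] ^ sig[0]


if __name__ == "__main__":
    sample = make_sample(0x5A)
    print("plain scan:", plain_scan(sample))
    print("xor-aware scan:", xor_aware_scan(sample))
```

Comparing adjacent-byte XOR differences finds the signature in one pass without trying each of the 256 possible keys, and the key falls out of the match.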