Viruses & Worms: Understanding Polymorphic & Metamorphic Threats
Which of the following is true of viruses/worms?
Let's break down some key facts about polymorphic and metamorphic viruses and worms:
True Statements:
- Polymorphic viruses are harder to detect with signature-based techniques than metamorphic viruses. Polymorphic viruses change their code structure each time they replicate, making it difficult for signature-based antivirus software to detect them. Metamorphic viruses, while they also change, do so in a more predictable way.
- Attackers can write a worm that uses multiple different techniques to spread. Worms exploit vulnerabilities to self-propagate across networks. Attackers often design them to use a combination of methods (e.g., email attachments, network shares, software vulnerabilities) for wider reach.
False Statements:
- You can prevent metamorphic viruses from infecting your systems by making your disks read-only after boot-up. While making disks read-only can be a security measure in some limited cases, it's not a practical solution to prevent metamorphic virus infections. These viruses can still infect system memory and other writable areas.
- Metamorphic viruses require private-key (or symmetric key) cryptography to encrypt their payloads. While some malware might use encryption, it's not a defining characteristic of metamorphic viruses. They primarily focus on code transformation for evasion.
- None of the above statements is correct. This is incorrect, as we've identified two true statements.
In summary: Understanding the differences between polymorphic and metamorphic threats is crucial for effective malware analysis and defense.
Original source: https://www.cveoy.top/t/topic/fY3I Copyright belongs to the author. Do not reproduce or scrape!