Virus obfuscation techniques

Most viruses are created using one or more virus obfuscation techniques, ways of constructing a virus that make it more difficult to detect. If a virus is hard to detect, it is likely to spread more widely. The following are commonly used obfuscation techniques:


 * Self-Encryption and Self-Decryption. Some viruses can encrypt and decrypt their virus code bodies, concealing them from direct examination. Viruses that employ encryption might use multiple layers of encryption or random cryptographic keys, which make each instance of the virus appear to be different, even though the underlying code is the same.


 * Polymorphism. Polymorphism is a particularly robust form of self-encryption. A polymorphic virus generally makes several changes to the default encryption settings, as well as altering the decryption code. In a polymorphic virus, the content of the underlying virus code body does not change; encryption alters its appearance only.

 * Metamorphism. The idea behind metamorphism is to alter the content of the virus itself, rather than hiding the content with encryption. The virus can be altered in several ways, for example, by adding unneeded code sequences to the source code or changing the sequence of pieces of the source code. The altered code is then recompiled to create a virus executable that looks fundamentally different from the original.


 * Stealth. A stealth virus uses various techniques to conceal the characteristics of an infection. For example, many stealth viruses interfere with OS file listings so that the reported file sizes reflect the original values and do not include the size of the virus added to each infected file.

 * Armoring. The intent of armoring is to write a virus so that it attempts to prevent antivirus software or human experts from analyzing the virus's functions through disassembly, traces, and other means.


 * Tunneling. A virus that employs tunneling inserts itself into a low level of the OS so that it can intercept low-level OS calls. By placing itself below the antivirus software, the virus attempts to manipulate the OS to prevent detection by antivirus software.

Antivirus software vendors design their products to attempt to compensate for the use of any combination of obfuscation techniques. Older obfuscation techniques, including self-encryption, polymorphism, and stealth, are generally handled effectively by antivirus software. However, newer, more complex obfuscation techniques, such as metamorphism, are still emerging and can be considerably more difficult for antivirus software to overcome.
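
As an added illustration (not part of the original page) of why simple self-encryption is handled well by scanners: assuming the per-instance encoding is a single-byte XOR with a random key, a signature taken over the XOR of adjacent bytes does not depend on the key, so one signature matches every instance where a plain byte signature fails. The body, signature, and function names below are constructed for the demonstration.

```python
import os

# Constructed, harmless stand-in for a constant code body the scanner knows.
BODY = b"CONSTRUCTED-SAMPLE-BODY: harmless marker bytes for the scanner demo"
SIGNATURE = BODY[24:48]  # plain byte signature cut from the body


def xor_encode(data: bytes, key: int) -> bytes:
    """Single-byte XOR, the assumed per-instance encoding."""
    return bytes(b ^ key for b in data)


def delta(data: bytes) -> bytes:
    """XOR of each adjacent byte pair; the key cancels: (a^k)^(b^k) == a^b."""
    return bytes(a ^ b for a, b in zip(data, data[1:]))


def plain_match(sample: bytes) -> bool:
    """Classic static signature: exact bytes must appear in the sample."""
    return SIGNATURE in sample


def xray_match(sample: bytes) -> bool:
    """Key-independent signature: compare adjacent-byte deltas instead."""
    return delta(SIGNATURE) in delta(sample)


def scan_instances(keys):
    """Return (key, plain_hit, xray_hit) for one encoded instance per key."""
    results = []
    for key in keys:
        # Random padding stands in for the differing host file content.
        instance = os.urandom(16) + xor_encode(BODY, key) + os.urandom(16)
        results.append((key, plain_match(instance), xray_match(instance)))
    return results


if __name__ == "__main__":
    for key, plain, xray in scan_instances([0x00, 0x5A, 0xC3]):
        print(f"key=0x{key:02x} plain_signature={plain} xray_signature={xray}")
```

The key cancellation holds only for the assumed single-byte XOR; it is shown here as one concrete case of a scanner compensating for per-instance keys.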