Technobabble - A Column by Gary Robson

Fred, the Polymorphic Virus

by Gary D. Robson
(Jul 2002)

When computer viruses were first spawned, the world reacted in horror. "Viruses are a horrible, destructive, mean-spirited misuse of computer technology," people cried.

The majority of people, as they look over the smoldering wreckage of their hard disk and field angry phone calls from friends they infected, want to track down the virus author and cause great bodily harm. A few people, however, examine the virus and say to themselves, "I could do better than that."

Sure, some virus research has been done by the artificial intelligence and artificial life scientists for legitimate purposes. Most of it, however, is done in the spirit of hacker one-upmanship.

A virus can't actually damage your computer hardware? That's what they said until a virus came along which wiped a critical chip on some brands of computer, requiring the main motherboard to be replaced.

You can't be infected with a virus just by reading an email? This one was true until Microsoft made their email program "smarter," and virus authors went to town on it. Now, such viruses are common.

Some authors create viruses for fame and fortune, some just to prove it can be done, and some out of spite, anger, or revenge. This is why several viruses are specifically targeted against anti-virus software.

Anti-virus software saves the day

Companies that produce virus detection software would have you believe that their products will keep you safe and secure. Nothing could be further from the truth.

There are two primary ways to detect a virus. The first is by scanning for a "signature": a unique string of bytes associated with a given virus. The problem with this is obvious: a new virus can't be detected until the software company gets a copy, takes it apart, determines the signature, modifies the program, and gets you the update.

The second method scans for virus heuristics. There are certain things that only viruses would do, so the program looks for code that does those things. The problem with this method is that it's pretty easy to fool unless the program is so sophisticated that it picks up many false positives: harmless programs that are mistakenly identified as viruses.
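To make the trade-off between the two methods concrete, here is a toy scanner in Python. It is an added illustration, not code from this column or from any anti-virus product; the signature bytes, the trait markers and the three sample files are all constructed, and the marker strings merely stand in for behaviors a real heuristic engine would have to infer.

```python
# Added illustration. Every signature, marker and sample below is constructed.
SIGNATURES = {"Demo.A": b"\xde\xad\xbe\xef\x13\x37"}  # hypothetical byte signature

# Hypothetical stand-ins for "things only viruses would do".
TRAITS = {
    b"OPEN_OTHER_EXE_FOR_WRITE": "modifies other programs",
    b"READ_ADDRESS_BOOK": "harvests mail addresses",
    b"SEND_SELF_AS_ATTACHMENT": "mails a copy of itself",
}

def signature_scan(data):
    """Method one: names of known signatures whose bytes occur in the file."""
    return [name for name, sig in SIGNATURES.items() if sig in data]

def heuristic_traits(data):
    """Method two: descriptions of the suspicious traits present in the file."""
    return [desc for marker, desc in TRAITS.items() if marker in data]

def verdict(data, threshold):
    """Signature match wins; otherwise flag files with >= threshold traits."""
    hits = signature_scan(data)
    if hits:
        return "known:" + hits[0]
    if len(heuristic_traits(data)) >= threshold:
        return "suspicious"
    return "clean"

BEHAVIOR = b"OPEN_OTHER_EXE_FOR_WRITE" + b"SEND_SELF_AS_ATTACHMENT"
SAMPLES = {
    # Already analyzed by the vendor: carries the known signature.
    "known_sample": b"MZ.." + SIGNATURES["Demo.A"] + BEHAVIOR,
    # Same behavior, different bytes where the signature used to be.
    "new_variant": b"MZ.." + b"\x41\x99\x02\x7c\x55\x10" + BEHAVIOR,
    # Harmless updater that legitimately rewrites another program.
    "patch_installer": b"MZ.." + b"OPEN_OTHER_EXE_FOR_WRITE",
}

def report(threshold):
    """Verdict for every sample at the given heuristic threshold."""
    return {name: verdict(data, threshold) for name, data in SAMPLES.items()}

if __name__ == "__main__":
    for threshold in (2, 1):
        print("threshold", threshold, report(threshold))
```

At a threshold of 2 the signature-less variant is still caught and the installer passes; at a threshold of 1 the harmless installer is flagged too, which is the false-positive problem described above.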

Don't get me wrong. If you have an anti-virus program and keep it updated regularly, you'll avoid many infections. But not all of them. You see, there's one more problem...

Enter Fred

There isn't really a virus called Fred, but it's a lot shorter name than "hypothetical polymorphic virus," so I'm sticking with it.

You know those Mighty Morphin Power Rangers, who can change from one form to another? Well, Fred is like that. Being polymorphic, Fred makes each infection different from the last. There have been some simple polymorphic viruses unleashed on the world, like email worms that change the subject line and attachment name each time they reproduce. There hasn't been anything like the full potential of Fred, though.

Theoretically, Fred could change so much each time it infects a new computer that there's no common signature to scan for. Just like mutations of biological viruses, each time we've almost wiped Fred out, a new variant could come back on its own.

Panic in the streets?

Isn't there anything we can do? Well, we can't stop someone from creating Fred. It's only a matter of time. What we can do is practice safe computing, just like we did before anti-virus programs let us get cocky.

Don't use email software that allows scripts and programs in incoming mail. Don't open attachments you don't expect. Don't download programs from unknown sources. Just be careful and stay abreast of technology news. Fred will hate you for it.


Gary D. Robson is a writer, technology consultant, and geek. He's never written a virus, but he's dissected a few.