Commenced in January 2007
Frequency: Monthly
Edition: International
Paper Count: 31249
Advanced Polymorphic Techniques

Authors: Philippe Beaucamps


Nowadays viruses use polymorphic techniques to mutate their code on each replication, thus evading detection by antiviruses. However detection by emulation can defeat simple polymorphism: thus metamorphic techniques are used which thoroughly change the viral code, even after decryption. We briefly detail this evolution of virus protection techniques against detection and then study the METAPHOR virus, today's most advanced metamorphic virus.

Keywords: Polymorphism, Metaphor, obfuscation, Computer virus, Viral mutation, Meta¬morphism, Virus history, Viral genetic techniques

Digital Object Identifier (DOI):

Procedia APA BibTeX Chicago EndNote Harvard JSON MLA RIS XML ISO 690 PDF Downloads 2106


[1] John Aycock. Computer Viruses and Malware. Springer, 2006.
[2] Philippe Beaucamps and ´Eric Filiol. On the possibility of practically obfuscating programs – towards a unified perspective of code protection. Journal in Computer Virology, 3(1), April 2007.
[3] Fred Cohen. Computer viruses - theory and experiments, 1984.
[4] ´Eric Filiol. Strong cryptography armoured computer viruses forbidding code analysis: the BRADLEY virus. In Proceedings of the 14th EICAR conference, May 2004.
[5] ´Eric Filiol. Computer viruses: from theory to applications. Springer Verlag, 2005.
[6] ´Eric Filiol. Advanced viral techniques. Springer Verlag France, 2007. An english translation is pending, due mid 2007.
[7] Kharn. Exploring RDA. .aware eZine, 1, January 2007.
[8] Mark Ludwig. Computer Viruses, Artificial Life and Evolution. American Eagle Publications, Inc., 1993.
[9] Mark Ludwig. The Giant Black Book of Computer Viruses. American Eagle Publications, Inc., 1995.
[10] George Marsaglia. Xorshift RNGs. Journal of Statistical Software, 8(14), 2003.
[11] The Mental Driller. METAPHOR source code. Version 1D available at: view.php?
[12] The Mental Driller. TUAREG details and source code. Available in 29A#5:
[13] The Mental Driller. Advanced polymorphic engine construction. 29A, 5, December 2000. Available at:
[14] The Mental Driller. Metamorphism in practice or ”how i made METAPHOR and what i’ve learnt”. 29A, 6, February 2002. Available at:
[15] MidNyte. An introduction to encryption, April 1999. Available at:{04,05,06}.html.
[16] James Riordan and Bruce Schneier. Environmental key generation towards clueless agents. In Lecture Notes In Computer Science, volume 1419, pages 15 – 24, 1998.
[17] Alisa Shevchenko. The evolution of self-defense technologies in malware. Available at:, July 2007.
[18] Diomidis Spinellis. Reliable identification of bounded-length viruses is NP-complete. IEEE Transactions on Information Theory, 49(1):280 – 284, January 2003.
[19] Peter Szor. The Art of Computer Virus Research and Defense. Addison Wesley Professional, 2005.