ARE METAMORPHIC VIRUSES REALLY INVINCIBLE? PART 1

When you consider all the tricks that a virus writer can use to break AV scanners, metamorphic viruses, such as Win32/Evol, Metaphor (aka W32/Simile, see VB, May 2002, p.4) and W95/Zmist (see VB, March 2001, p.6), appear invincible. These viruses transform their code as they propagate, thus evading detection by analysers that rely on static information extracted from previously observed virus code. The viruses also use code obfuscation techniques to hinder deeper static analysis. Such viruses can also beat dynamic analysers by altering their behaviour when they detect that they are executing in a controlled environment.