Oligomorphic code

An oligomorphic engine is generally used by a computer virus to generate a decryptor for itself in a way comparable to a simple polymorphic engine. It does this by randomly selecting each piece of the decryptor from several predefined alternatives. The pieces used to build the decryptor are usually too common to be detected with signatures. However, most oligomorphic viruses aren't able to generate more than just a few hundred different decryptors, so detecting them with simple signatures is still possible. Another method to detect an oligomorphic decryptor is to make a signature for each possible piece of code, group pieces that can substitute each other together and scan the file for a chain of decryptor pieces from alternating groups. Emulation may be used to detect the virus, but it can take more resources than necessary.

See also

• Timeline of notable computer viruses and worms
• Polymorphic code
• Metamorphic code
• Self-modifying code
• Alphanumeric code
• Shellcode
• Software cracking
• Security cracking
• Obfuscated code