New techniques hide PDF malware

Coverage of 'Race to Zero' has focussed attention, at least for a short while, on the very real problem that polymorphism poses for those who are trying to filter out all the different types of malware that can arrive on a user's system.

In Information Security terms, polymorphism is used to describe a malware sample that can exist in multiple different forms (usually different binary executables) yet still have the same active payload.

Because polymorphism isn't a new concept, a number of techniques have been introduced over the years to automatically morph software so that it slips past protective software. Fortunately for those writing the detection tools, many of these early attempts left obvious signatures in the resulting files, making it fairly straightforward to detect the payload even if it was the first time a file with that exact byte structure had been created.

Over time the code used to generate the morphed variants got better, and it began to take more effort from the antimalware developers to keep up, with many suggesting that the malware developers are winning.
