An encrypted virus is a computer virus that encrypts its payload in order to make the virus more difficult to detect. It uses encryption to hide from virus scanners: the virus scrambles its program code so that a scanner cannot recognize it. The code of an encrypted virus begins with a decryption algorithm and continues with scrambled or encrypted code for the remainder of the virus. Each time it infects, it automatically encodes itself differently, so its code is never the same. Through this method, the virus tries to avoid detection by anti-virus software.

How does an encrypted virus work?

This virus has two parts: a small decryptor and the encrypted virus body. When the virus is executed, the decryptor runs first and decrypts the virus body. The virus body can then execute, replicating or becoming resident. The virus body includes an encryptor that it applies during replication. A variably encrypted virus uses different encryption keys or encryption algorithms.

A payload is the component of a computer virus that carries out a malicious activity. More powerful payloads (complex viruses) lead to more damage. Most of the time the payload of an encrypted virus is CryptoLocker or other ransomware. This virus is usually distributed via spam, infected sites, or through the use of other malware.

Detection of encrypted viruses

Encrypted malware is engineered to evade detection by traditional antivirus tools, so the best solutions for this threat use advanced, behavior-based detection techniques. Behavior-based detection solutions such as endpoint detection and response or advanced threat protection can pinpoint threats in real time. Behavior-based malware protection is more accurate than traditional signature-based methods.
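The following added example (not part of the original page) shows from the scanner's side why a fixed byte signature misses differently keyed copies of the same body, and how a scanner can still recover the body when the cipher is weak enough to brute-force. All data is constructed, inert text; single-byte XOR and the names `BODY`, `SIGNATURE` and `STUB` are assumptions chosen for illustration.

```python
# Constructed, inert sample data: plain text only, nothing executable.
BODY = b"INERT-SAMPLE-BODY: constructed marker text, not real code"
SIGNATURE = b"SAMPLE-BODY"   # byte pattern a signature scanner searches for
STUB = b"[decryptor]"        # stands in for the small, unencrypted decryptor

def xor(data: bytes, key: int) -> bytes:
    """Single-byte XOR, a stand-in for whatever cipher a sample uses (assumption)."""
    return bytes(b ^ key for b in data)

def make_copy(key: int) -> bytes:
    """Layout described above: decryptor first, then the encrypted body."""
    return STUB + bytes([key]) + xor(BODY, key)

def signature_scan(sample: bytes) -> bool:
    """Traditional scanner: search the stored bytes for the fixed pattern."""
    return SIGNATURE in sample

def xray_scan(sample: bytes):
    """Try every single-byte key and re-check the signature.
    Returns the key that exposes the body, or None. This only works
    because the stand-in cipher has just 256 possible keys."""
    for key in range(256):
        if SIGNATURE in xor(sample, key):
            return key
    return None

def report(keys=(0x21, 0x5A, 0xC3)):
    """Scan one copy per key: (key, signature hit?, key recovered by xray_scan)."""
    rows = []
    for key in keys:
        sample = make_copy(key)
        rows.append((key, signature_scan(sample), xray_scan(sample)))
    return rows

if __name__ == "__main__":
    print("plain body flagged:", signature_scan(BODY))
    for key, sig_hit, recovered in report():
        print(f"key={key:#04x} signature_hit={sig_hit} xray_key={recovered}")
```

With a strong cipher and a large key space the brute-force step is not feasible, which is why the behavior-based approaches described above observe the code after it has decrypted itself at run time.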

An encrypted virus should not be confused with more recent computer viruses, such as crypto lockers, that encrypt the data on your hard drive and hold it for ransom.