PrepAway - Latest Free Exam Questions & Answers

Which of the following is not a correct description of a polymorphic virus?

There are many types of viruses that hackers can use to damage systems. Which of the following is not a correct description of a polymorphic virus?

A. Intercepts the antivirus's calls to the operating system for file and system information

B. Varies the sequence of its instructions using noise, a mutation engine, or a random-number generator

C. Can use different encryption schemes requiring different decryption routines

D. Produces multiple, varied copies of itself

Explanation:

A: A tunneling virus, not a polymorphic virus, attempts to install itself under an antivirus program. When the antivirus conducts its health check on critical files (file sizes, modification dates, etc.), it makes a request to the operating system to gather this information. If the virus can put itself between the antivirus and the operating system, then when the antivirus sends out a system call for this type of information, the tunneling virus can intercept the call and respond with information indicating that the system is free of virus infections. The polymorphic virus also attempts to fool antivirus scanners, but it does so by producing varied but operational copies of itself. Even if antivirus software finds and disables one or two copies, other copies may still remain active within the system.

B is incorrect because a polymorphic virus can vary the sequence of its instructions by including noise, or bogus instructions, with other useful instructions. It can also use a mutation engine and a random-number generator to change the sequence of its instructions in the hope of not being detected. The original functionality stays the same, but the code changes, making it close to impossible to identify all versions of the virus using a fixed signature.

C is incorrect because a polymorphic virus can use different encryption schemes requiring different decryption routines. This requires the antivirus to scan for several scan strings, one for each possible decryption method, in order to identify all copies of this type of virus. Polymorphic virus writers most commonly hide a virus's payload with encryption and add a decryption method to the code. Once it is encrypted, the code is meaningless. However, a virus that is encrypted is not necessarily a polymorphic virus. To be polymorphic, the virus's encryption and decryption algorithms must mutate with each new version of itself.

D is incorrect because a polymorphic virus produces multiple, varied copies of itself in an effort to avoid detection by antivirus software. A polymorphic virus has the capability to change its own code, enabling the virus to have hundreds or thousands of variants. These activities can cause the virus scanner to fail to recognize the virus properly and to leave it to do its damage.

One Comment on “Which of the following is not a correct description of a polymorphic virus?”

  1. joe says:

    Polymorphic code is code that uses a polymorphic engine to mutate while keeping the original algorithm intact. That is, the code changes itself each time it runs, but the function of the code (its semantics) will not change at all.

    For example, 1+3 and 6-2 both achieve the same result while using different code.



