Computer Hacking Forensic Investigator (CHFI) — Question 110

You are running known exploits against your network to test for possible vulnerabilities. To test the strength of your virus software, you load a test network to mimic your production network. Your software successfully blocks some simple macro and encrypted viruses. You decide to really test the software by using virus code where the code rewrites itself entirely and the signatures change from child to child, but the functionality stays the same. What type of virus is this that you are testing?

Answer options

• A. Polymorphic
• B. Metamorphic
• C. Oligomorhic
• D. Transmorphic

Correct answer: B

Explanation

The correct answer is B, metamorphic virus, as it modifies its entire code with each iteration while preserving its behavior. Polymorphic viruses change their signatures but not the underlying code structure, while oligo- and transmorphic viruses are less commonly referenced and do not fit the description provided.