Computer Hacking Forensic Investigator (CHFI v10) — Question 480

You are running known exploits against your network to test for possible vulnerabilities. To test the strength of your virus software, you load a test network to mimic your production network. Your software successfully blocks some simple macro and encrypted viruses. You decide to really test the software by using virus code where the code rewrites itself entirely and the signatures change from child to child, but the functionality stays the same. What type of virus is this that you are testing?

Answer options

• A. Polymorphic
• B. Metamorphic
• C. Oligomorhic
• D. Transmorphic

Correct answer: B

Explanation

The correct answer is B, Metamorphic, because this type of virus can completely alter its code while keeping its functionality intact, thus making it harder to detect. Polymorphic viruses (A) change their signatures but do not entirely rewrite themselves, while Oligomorphic (C) and Transmorphic (D) are not standard classifications for viruses in this context.