echo: alt-comp-anti-virus
to: ALL
from: FROMTHERAFTERS
date: 2015-11-26 09:37:00
subject: Re: Does any common malwa

Ant brought next idea :
> "FromTheRafters" wrote:
>
>> Ant presented the following explanation :
>>> WRT R Lopez's OP; it is very easy to create an executable that has a
>>> unique signature on every download. There is no need for any special
>>> encryption techniques. One way would be to build an executable with a
>>> section that is never used and fill it with random data. A script on
>>> the server then generates a random section and puts the thing together
>>> when the file is requested.
>> 
>> Yes, I believe that I mentioned server side polymorphism.
>
> So you did.
>
>> Ray asked
>> about malware which encrypts its own signature as opposed to malware
>> which has its encryption or other polymorphism applied from without.
>
> I'm not sure what he means by "the badware uses encryption to change
> its signature". That would imply a virus. However, "badware" could
> mean the controlling software that generates the usual type of malware
> (real viruses are rare these days) - in which case my example applies.

Indeed. I considered the idea of exploit kits as well. He didn't say 
virus so there was no need to go into the "is it a virus or not" debate 
and he should be commended for using the term malware. Going by the 
post's subject line it seemed to me that he was asking about malware 
whose signature is determined and yet then changed by that very same 
malware, such as the 'polymorphic slow' virus as mentioned in this 
article.

http://repo.hackerzvoice.net/depot_madchat/vxdevl/vdat/polyevol.htm

"'Slow polymorphic' viruses are one such method. They are polymorphic, 
but all samples generated on the same machine will seem to have the 
same decryptor. This may mislead an anti-virus producer into attempting 
to detect the virus with a single search string, as if it was just a 
simple encrypted but not polymorphic virus."
--- NewsGate v1.0 gamma 2
* Origin: News Gate @ Net396 -Huntsville, AL - USA (1:396/4)
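
Added example, not part of the original post: from the analyst's side, the unused-section trick Ant describes defeats a whole-file hash but not a per-section one, which this sketch shows by hashing each PE section separately. The `build_sample` helper, its `.pad` section name and its byte contents are constructed for illustration; the skeleton it builds is headers and data only, not a runnable program.

```python
import hashlib
import struct

COFF_HDR = struct.Struct("<HHIIIHH")         # 20-byte COFF file header
SECTION_HDR = struct.Struct("<8sIIIIIIHHI")  # 40-byte section header


def section_hashes(data: bytes) -> dict:
    """Return {section name: SHA-256 of its raw bytes} for a PE image."""
    if data[:2] != b"MZ":
        raise ValueError("not an MZ image")
    (pe_off,) = struct.unpack_from("<I", data, 0x3C)  # e_lfanew
    if data[pe_off:pe_off + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    _m, nsect, _ts, _sp, _ns, opt_size, _c = COFF_HDR.unpack_from(data, pe_off + 4)
    table = pe_off + 24 + opt_size  # section table follows the optional header
    out = {}
    for i in range(nsect):
        name, _vs, _va, size, ptr, *_ = SECTION_HDR.unpack_from(data, table + i * 40)
        if ptr + size > len(data):
            raise ValueError("section runs past end of file")
        label = name.rstrip(b"\0").decode("ascii", "replace")
        out[label] = hashlib.sha256(data[ptr:ptr + size]).hexdigest()
    return out


def compare(a: bytes, b: bytes) -> dict:
    """Whole-file hash comparison next to the per-section comparison."""
    ha, hb = section_hashes(a), section_hashes(b)
    names = ha.keys() | hb.keys()
    return {
        "same_file": hashlib.sha256(a).digest() == hashlib.sha256(b).digest(),
        "shared": sorted(n for n in names if n in ha and ha[n] == hb.get(n)),
        "differing": sorted(n for n in names if ha.get(n) != hb.get(n)),
    }


def build_sample(filler: bytes) -> bytes:
    """Constructed test input: fixed .text bytes plus a caller-chosen .pad."""
    text = b"CONSTRUCTED-CODE-BYTES"
    dos = b"MZ" + b"\0" * 58 + struct.pack("<I", 64)    # e_lfanew = 64
    pe = b"PE\0\0" + COFF_HDR.pack(0x14C, 2, 0, 0, 0, 0, 0)
    start = 64 + 24 + 2 * 40                            # first raw data offset
    s1 = SECTION_HDR.pack(b".text", 0, 0, len(text), start, 0, 0, 0, 0, 0)
    s2 = SECTION_HDR.pack(b".pad", 0, 0, len(filler), start + len(text), 0, 0, 0, 0, 0)
    return dos + pe + s1 + s2 + text + filler


if __name__ == "__main__":
    print(compare(build_sample(b"A" * 16), build_sample(b"B" * 16)))
```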

SOURCE: echomail via QWK@docsplace.org
