
How Polymorphic Malware Evades Detection — And What to Do About It
From The Backup Wrap-Up by W. Curtis Preston (Mr. Backup)
April 6, 2026 · 29 min
About this episode
This episode discusses how polymorphic malware evades detection and what defenders need to do differently.
Polymorphic malware is the kind of threat that changes its own code — its signature, its behavior, even the command-and-control server it reports to — specifically so your antivirus can't catch it. In this episode, Dr. Mike Saylor of Black Swan Cybersecurity joins Prasanna and me to break down exactly how this works, why signature-based detection keeps losing the race, and what defenders actually need to do differently. Mike walks us through ViraLock, one of the most well-known early examples of polymorphic malware, and explains the gap between infection and detection that attackers exploit. We also get into the difference between polymorphic and metamorphic malware — and metamorphic is a lot scarier. Then we cover waterhole attacks, a red team story that will make you rethink how fast attackers can own a network, and what behavioral detection looks like when it's actually working. If you thought keeping your antivirus updated was enough, this episode is going to change your mind. Chapters: 00:00:00 – Intro 01:35 – Meet the guests: Prasanna Malaiyandi and Dr. Mike Saylor 02:58 – What is polymorphic malware? The ViraLock story 05:52 – How polymorphic code changes its own signature…
People in this episode
Host: W. Curtis Preston
Guests: Prasanna Malaiyandi, Dr. Mike Saylor
Topics covered
- polymorphic malware
- malware detection
- cybersecurity
- behavioral detection
- waterhole attacks
- metamorphic malware
Keywords
- polymorphic malware
- malware detection
- ViraLock
- waterhole attacks
- metamorphic malware
- cybersecurity threats
- behavioral detection
Mentioned in this episode
Organizations: Black Swan Cybersecurity
Products: ViraLock
More episodes of The Backup Wrap-Up
- California Election Counting Explained by an Actual Poll Worker · June 8, 2026 · 25 min
- Stop 90% of Ransomware Attacks with Basic Cyber Hygiene · May 25, 2026 · 40 min
- Claude Deletes a Company — But It's Not Really Claude's Fault · May 18, 2026 · 40 min
- How Honeypots and Canary Files Catch Attackers Before They Strike · May 11, 2026 · 34 min
- Network Segmentation to Prevent Ransomware: What the UCSF Attack Taught Us · May 4, 2026 · 47 min
- Stop Using VSS as a Backup Before Ransomware Deletes Your Shadow Copies · April 27, 2026 · 37 min
Explore listener stats, chart rankings, contacts and more on the The Backup Wrap-Up podcast page.