What polymorphic means
You'd probably think that polymorphic means that the virus mutates itself, but
mutation isn't the correct word. The body of the virus remains unchanged.
When the virus infects a file, it encrypts itself using a simple routine like
adding a value to each byte of its code. Then it creates a decryptor which
performs the opposite action, i.e., it subtracts the value from each byte of the
code.
What polymorphic means is that it can use different techniques to encrypt its
code, and it can do it in different ways and the decryptor has instructions
which don't do anything inserted in between.
How do they detect it?
Most programs use a generic decryption engine, which "runs" the file. Since the
decryptor must be able to decrypt the virus, the encryption is stripped away,
and because the virus doesn't change, it can be detected easily.
Are there any viruses which mutate their code?
The are some viruses that can do things like swap pieces of code around or
insert do-nothing code into their bodies. They can't make any major changes
to themselves and so are only slightly harder to detect than regular viruses.
An example of a virus which does something like mutation, Ply.
Ply's code is broken into 3-byte long blocks that can be swapped around.
Virus
Page