What Is a Polymorphic Virus?


A polymorphic virus is a computer virus which is capable of mutating itself when it replicates, making it more difficult to identify with ordinary antivirus software. To effectively find such viruses, antivirus software needs to have more complex algorithms available to help it identify distinctive patterns which can betray the presence of a virus even when the code behind the virus is not known to the software. Such software tends to be more expensive, reflecting the additional effort required during development and updates to make the software functional.

The first known polymorphic virus was developed in 1990, in the early days of the Internet, illustrating the fact that virus creators have always been ahead of the curve when it comes to developing malicious code. Polymorphic viruses operate with the assistance of an encryption engine which changes with each virus replication. The encrypted virus remains functional, but it stays hidden from the computer it infects and can slip through security systems which are designed to prevent malicious code from entering or exiting a network.
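The following Python sketch is an added example, not part of the original article. It shows from the scanner's side why a fixed byte signature stops matching once each copy is encoded with a different key, and how comparing a key-independent pattern still finds every copy. The marker string, the sample files and the single-byte XOR encoding are constructed, harmless stand-ins chosen for illustration.

```python
# Added illustration: every byte string here is constructed, harmless test data.
MARKER = b"HARMLESS-TEST-MARKER-0123456789"  # stands in for a known virus body


def xor_encode(data: bytes, key: int) -> bytes:
    """Single-byte XOR: the simplest stand-in for a per-copy encryption key."""
    return bytes(b ^ key for b in data)


def exact_match(sample: bytes, signature: bytes) -> bool:
    """Ordinary signature scan: look for the known bytes verbatim."""
    return signature in sample


def delta(data: bytes) -> bytes:
    """XOR each byte with its neighbour. A single-byte key cancels out,
    because (a ^ k) ^ (b ^ k) == a ^ b, so the result is the same for any key."""
    return bytes(a ^ b for a, b in zip(data, data[1:]))


def key_invariant_match(sample: bytes, signature: bytes) -> bool:
    """Compare key-independent deltas instead of the raw bytes."""
    return delta(signature) in delta(sample)


def scan(samples: dict) -> dict:
    """Return {name: (exact signature hit, key-invariant hit)} per sample."""
    return {
        name: (exact_match(body, MARKER), key_invariant_match(body, MARKER))
        for name, body in samples.items()
    }


# Constructed samples: one unencoded copy, two copies under different keys,
# and one file that does not contain the marker at all.
SAMPLES = {
    "plain": b"\x00header" + MARKER + b"trailer",
    "copy_key_0x21": b"\x00header" + xor_encode(MARKER, 0x21) + b"trailer",
    "copy_key_0xA7": b"\x00header" + xor_encode(MARKER, 0xA7) + b"trailer",
    "clean_file": b"just an ordinary document with nothing of interest in it",
}

if __name__ == "__main__":
    for name, (exact, invariant) in scan(SAMPLES).items():
        print(f"{name:14} exact={exact!s:5} key_invariant={invariant}")
```

The key-invariant check only holds for this one simple encoding. An engine that changes its encoding method as well as its key defeats it, which is why the detection algorithms described above have to be more complex than a byte comparison.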

Essentially, the designers of polymorphic viruses have taken a trait associated with viruses which infect humans and built it into software designed to infect computers. Human viruses are infamous for being able to mutate rapidly to avoid detection and prevent the buildup of immunities, and when a computer virus has a similar trait, the results can be unpleasant for computer users. It can be difficult to mount an adequate defense against a polymorphic virus, even with excellent antivirus software which has been designed to attempt to detect such viruses.

Polymorphic viruses can operate in different ways. Some mutate with each infection, making the virus extremely difficult to track. Others change with each generation. The speed of mutation is also highly variable. Some viruses mutate more slowly, which can make it easier to catch them, while others change very quickly. All of these variations, as a whole, make polymorphic viruses very diverse, which adds to the challenge of pinning them down.

Infection with a polymorphic computer virus can be a serious problem. While all computer viruses are designed to remain undetected for as long as possible, so that they can inflict the maximum damage and increase their chances of infecting other computers, a polymorphic virus can linger undetected even on a system with antivirus software in place. People may also be lulled into thinking that their system is clean because they have such software and they update it regularly.


Written by S.E. Smith


copyright © 2003 - 2009
conjecture corporation