Via the Internet, individuals and organizations with malicious intent distribute software that damages computer systems and/or is used to steal the personal information of users (including individual users or entities such as companies). Such malicious software, or malware, often exploits code vulnerabilities and/or gets installed onto users' computer systems by tricking users into taking some action.
To protect against malware, contemporary anti-malware software uses a variety of mechanisms to catch and quarantine malware, including by looking for patterns in the malware, referred to as signatures. One way malware authors try to avoid anti-malware detection is by obfuscating the underlying code and/or making it somewhat polymorphic so that its signature and behavior are not readily detectable (which can be somewhat considered “encrypted” to an extent).
Script-based malware, often found in browser content and in active content within files, is distributed in source form (e.g., as opposed to binary form). To avoid detection by antimalware scanners and increase the difficulty of manually researching malware samples, script-based malware is typically obfuscated and/or polymorphic. At the same time, it is impractical to author and distribute specific static signatures for all unique variants of obfuscated and/or polymorphic script-based malware.