Am studying the security exam. I am a bit confused about viruses. I understand that polymorphic viruses changes their signature when infect a file every time, I think metamorphic viruses do same thing. I could not find the differences among them. Could you please help me about this differences?

A polymorphic virus is a type of encrypted virus that not only uses separate keys on infection, but changes its decrypting module.

A metamorphic virus on the other hand rewrites itself completely on each infection.

In a polymorphic virus, if you can decrypt the virus, it is the same across the board. The encryption changes per infection, and the module is rewritten making separate signatures on each infection. The antivirus program has to decrypt it via an emulator and then compare the signature there.

Metamorphic viruses become completely different programs. Their problem is however, they require a metamorphic engine module, making them very large and complex.