
A polymorphic virus is a virus that can dynamically change its binary code. Because its binary code changes, it has no fixed pattern of bytes that a scanner can search for.

Viruses are clearly programs. They can have a significant size, which makes them easy to scan for. Step one in making a virus polymorphic is to encrypt most of the program using some form of encryption. However, the decrypter would probably still be the same, so a virus scanner could scan for that instead.

However, for a given decryption routine, e.g. a fixed XOR of all bytes of the code, several different implementations are possible, e.g. by:

  1. permutation of registers
  2. replacing register moves with push/pop operations
  3. using jmp instructions to alter the order of the instructions
  4. inserting NOP operations
  5. inserting dummy operations that have no effect on the normal flow

etc. etc.

Polymorphic viruses include a mutation engine that can create millions of different implementations of the same algorithm. This makes these viruses very difficult to detect for antivirus programs such as ClamAV.
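The fixed-XOR scheme above and the detection problem it causes, as an added example (not code from the original page): a plain byte-pattern scan fails on the encoded body no matter which decrypter variant is in front of it, while a scanner that tries all 256 single-byte keys and looks for the signature in the decoded bytes still finds it. The signature, body and keys are constructed for the example.

```python
# Added example: why a byte-pattern signature fails against a fixed-XOR encoded
# body, and how a scanner can recover it by trying every single-byte key and
# searching the decoded bytes for a known signature of the plaintext body.

SIGNATURE = b"PAYLOAD-MARKER"  # constructed signature of the plaintext body


def xor_bytes(data: bytes, key: int) -> bytes:
    """Apply a fixed single-byte XOR to every byte (the scheme the page describes)."""
    return bytes(b ^ key for b in data)


def signature_match(sample: bytes, signature: bytes = SIGNATURE) -> bool:
    """Plain byte-pattern scan, as a simple scanner would do on the raw file."""
    return signature in sample


def xray_scan(sample: bytes, signature: bytes = SIGNATURE):
    """Try all 256 single-byte keys on the sample.

    Returns the first key whose decoding contains the signature, or None if
    no key reveals it. Key 0 covers the unencoded case.
    """
    for key in range(256):
        if signature in xor_bytes(sample, key):
            return key
    return None


# Constructed sample body and two variants encoded with different keys; in a
# real sample each variant would additionally carry a differently generated
# decrypter, which is exactly the part a raw-byte signature would have to match.
BODY = b"constructed body bytes " + SIGNATURE + b" more constructed bytes"
VARIANT_A = xor_bytes(BODY, 0x5A)
VARIANT_B = xor_bytes(BODY, 0xC3)

if __name__ == "__main__":
    for name, sample in (("A", VARIANT_A), ("B", VARIANT_B)):
        print(name, "raw match:", signature_match(sample),
              "x-ray key:", hex(xray_scan(sample)))
```

The brute-force step is cheap only because the key space is 256 values; the same idea does not scale to stronger encryption, which is why the page's focus on the decrypter matters for detection.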

http://en.wikipedia.org/wiki/Computer_virus