A virus signature is the binary pattern of a virus – an algorithm or hash (string of characters or numbers) which is a unique identifier for the virus. The virus signature, also called a “virus definition,” is like a fingerprint that can be used to identify when a virus is present on a computer. One signature may contain several virus signatures, and several viruses may share a single signature; the latter makes it easier for antivirus (AV) software to catch and quarantine a virus before it infects a machine.
To find and eliminate a virus, AV software compares the strings or patterns of virus signatures stored in its database against what it finds on a computer. Signature detection may be behavior-based (the AV looks for what the virus does) or static (the AV matches a calculated numerical value of the code).
Malware authors frequently change virus signatures to avoid detection by commercial tools, which makes AV software less than effective against all but the most obvious viruses.
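The static comparison described above, as an added example that is not part of the original page: a hash signature matches one exact file, a byte-pattern signature is shared by several variants, and a changed pattern matches neither. The byte strings, signature names and the `scan` function are constructed for illustration and contain no real malware.

```python
import hashlib

# Constructed, harmless sample "files" (not real malware).
MARKER = b"\xde\xad\xbe\xef-demo-marker"
VARIANT_A = b"header-A" + MARKER + b"payload-1"
VARIANT_B = b"header-B" + MARKER + b"payload-2"   # different file, same marker
CLEAN = b"ordinary document contents"

# Hypothetical signature database with the two static signature kinds:
# a hash of the whole file, and a byte pattern found inside the file.
HASH_SIGS = {hashlib.sha256(VARIANT_A).hexdigest(): "Demo.VariantA"}
PATTERN_SIGS = {MARKER: "Demo.Family"}


def scan(data: bytes) -> list:
    """Return the names of all signatures that match `data`."""
    hits = []
    # Hash signature: matches only a byte-for-byte identical file.
    name = HASH_SIGS.get(hashlib.sha256(data).hexdigest())
    if name:
        hits.append(name)
    # Pattern signature: matches any file that contains the byte string.
    hits.extend(n for pat, n in PATTERN_SIGS.items() if pat in data)
    return hits


# One appended byte changes the hash; the shared pattern still matches.
PADDED = VARIANT_A + b"\x00"
# A changed pattern matches no stored signature, which is the gap that
# behavior-based detection is meant to cover.
ALTERED = VARIANT_A.replace(MARKER, MARKER[::-1])

if __name__ == "__main__":
    for label, sample in [("variant A", VARIANT_A), ("variant B", VARIANT_B),
                          ("padded A", PADDED), ("altered A", ALTERED),
                          ("clean", CLEAN)]:
        print(f"{label:10} -> {scan(sample) or 'no match'}")
```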