Sequence of bytes in the machine code of the virus. One way that anti-virus programs identify the presence of a virus in an executable file, a boot record, or memory is to use short identifiers, called signatures. A “good signature” is one that is found in every object infected by the virus but is unlikely to be found if the virus is not present. In other words, the likelihood of both false negatives and false positives must be minimized.
Kephart, J. and Arnold, W. Automatic Extraction of Computer Virus Signatures. [Online, 1994.] IBM Research Website. http://www.research.ibm.com/antivirus/SciPapers/Kephart/VB94/vb94.html.
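The two criteria in the definition above can be measured directly against sample sets. The following is an added example, not code from the cited paper or from any anti-virus product: it scores candidate byte sequences by false-negative and false-positive rate. All function names and sample byte strings are constructed for illustration and contain no real malware bytes.

```python
# Constructed samples: COMMON stands for bytes that also occur in clean
# programs; UNIQUE stands for bytes found only in the (pretend) virus body.
COMMON = bytes.fromhex("558bec83ec")
UNIQUE = bytes.fromhex("dec0ad0bfeedface")
INFECTED = [
    b"ALPHA-program" + COMMON + UNIQUE + b"tail-1",
    b"bravo.exe body" + COMMON + UNIQUE + b"-end",
    b"Charlie" + COMMON + UNIQUE,
]
CLEAN = [b"clean1" + COMMON + b"abc", b"clean2 data", b"clean3" + COMMON]


def evaluate(signature, infected, clean):
    """Return (false_negative_rate, false_positive_rate) for one signature."""
    fn = sum(signature not in s for s in infected) / len(infected)
    fp = sum(signature in s for s in clean) / len(clean)
    return fn, fp


def candidate_signatures(infected, length):
    """Every `length`-byte sequence present in all infected samples."""
    first = infected[0]
    windows = {first[i:i + length] for i in range(len(first) - length + 1)}
    return {w for w in windows if all(w in s for s in infected[1:])}


def best_signatures(infected, clean, length):
    """Candidates with no false negatives and the lowest false-positive rate."""
    scored = [(evaluate(c, infected, clean)[1], c)
              for c in candidate_signatures(infected, length)]
    if not scored:
        return []
    lowest = min(fp for fp, _ in scored)
    return sorted(c for fp, c in scored if fp == lowest)


if __name__ == "__main__":
    for name, sig in [("common bytes", COMMON[:4]),
                      ("host-specific", b"tail"),
                      ("virus-only", UNIQUE[:4])]:
        fn, fp = evaluate(sig, INFECTED, CLEAN)
        print(f"{name:14} {sig.hex()}  FN={fn:.2f}  FP={fp:.2f}")
    print("good signatures:", [s.hex() for s in best_signatures(INFECTED, CLEAN, 4)])
```

A sequence taken from bytes shared with clean programs matches every infected sample but also flags clean files, while one taken from a single host file misses other infections; only sequences overlapping the virus-only bytes satisfy both criteria.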