A virus signature is a known, specific pattern of virus code. Antivirus programs detect viruses by matching these known signatures, or patterns of virus code.
The virus signature is what distinguishes the virus from other programs, and it is similar to a fingerprint in that no two are alike. The signature consists of specific bits of code or data, and as these become known, antivirus software is able to detect and neutralize the harmful program.
Antivirus software works by comparing the files it encounters while scanning a computer system with what is known as definition or DAT files, which are essentially libraries containing virus signatures. As such, the antivirus program needs to update its database of definition files constantly in order to be able to protect a system against ever-changing online threats.
Signature-based detection is effective in part because the same virus signature may apply to multiple viruses. Antivirus programs may even be able to detect previously unknown viruses simply because their signatures are the same as those of existing viruses.
Hackers who create viruses have developed what are known as polymorphic programs. These can constantly change to create many different virus programs, using bits of garbage code to fill in the blanks. Even with such complex coding, however, there is always a constant code body within the virus that may be detected by appropriate antivirus software.
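The matching described above can be shown with a small scanner. This is an added example, not code from any antivirus product. The name=hex definition format, the family names and all byte strings are constructed for illustration and are harmless.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Signature:
    name: str
    pattern: bytes  # constant byte sequence shared by a virus family

def parse_definitions(text: str) -> list[Signature]:
    """Parse a hypothetical definition file: one 'name=hex' entry per line."""
    sigs = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()  # drop comments and blank lines
        if not line:
            continue
        name, sep, hexpat = line.partition("=")
        if not sep or not name.strip():
            raise ValueError(f"line {lineno}: expected name=hex")
        pattern = bytes.fromhex(hexpat.strip())  # ValueError on malformed hex
        if len(pattern) < 4:  # very short patterns match clean files by chance
            raise ValueError(f"line {lineno}: pattern too short")
        sigs.append(Signature(name.strip(), pattern))
    return sigs

def scan(data: bytes, sigs: list[Signature]) -> list[tuple[str, int]]:
    """Return (signature name, offset) for each signature found in data."""
    hits = []
    for sig in sigs:
        offset = data.find(sig.pattern)
        if offset != -1:
            hits.append((sig.name, offset))
    return hits

# Constructed, harmless byte strings; not taken from any real malware.
OLD_DEFS = "Demo.Family.A=deadbeef0badf00d\n"
NEW_DEFS = OLD_DEFS + "Demo.Family.B=cafebabe11223344  # added by an update\n"
BODY_A = bytes.fromhex("deadbeef0badf00d")
BODY_B = bytes.fromhex("cafebabe11223344")
SAMPLES = {
    "a_variant1.bin": b"\x90\x90" + BODY_A + b"\x00\x01",
    "a_variant2.bin": b"ABCDE" + BODY_A + b"\x99",  # different filler, same body
    "b_sample.bin": b"\x01\x02\x03" + BODY_B,
    "clean.bin": b"hello world, nothing to see",
}

if __name__ == "__main__":
    for label, defs in (("old", OLD_DEFS), ("new", NEW_DEFS)):
        sigs = parse_definitions(defs)
        for fname, data in SAMPLES.items():
            print(label, fname, scan(data, sigs) or "no match")
```

Both Family.A variants match one signature despite different filler bytes, while the Family.B sample is found only once the definitions have been updated.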