Have you ever wondered how anti-virus signatures are created?
In his article An Intro to Creating Anti-Virus Signatures the author describes three types of signature detections:
- hash signatures
- byte signatures
Though the article focusses primarily on Microsoft portable executable files like .exe, .dll and .sys, it would be possible to analyze .pdf, .ppt files if one would do that.
The article is well detailed and a good start to understand how anti-virus/anti-malware signatures are built. ■