What *is* a malware signature?
I have a vague understanding of how signatures work (they look for assembly code similar to one in the malware, look for similar file names, look for similar "behavior",...)
But, so far, I've not been able to understand what it is. Like, if a signature was a C struct, what would it be? Is the structure of a signature proprietary?
Thanks in advance!
[link] [comments] ...