While it is advantageous to identify a specific virus, it can be quicker to detect a virus family through a generic signature. Many viruses start as a single infection, and through either mutation or modifications by other virus writers, can grow into dozens of slightly different strains. In addition, virus authoring tools, such as the Nowhere Mans Virus Creation Laboratory (circa 1992-93), create similar viruses. Rather than create a signature for every single strain, virus researchers find common areas that all viruses in a family share uniquely, and they create a single generic signature. These signatures often contain non-contiguous code, using wild cards where differences lie. These wild cards allow the scanner to detect if virus code is padded with other junk code. While the vendors wouldnt discuss exactly how it worked, the signatures may contain fragments of unique code from a number of areas in the infected file. Signature scanning, while made more flexible by pre-qualifying files and types of infections, and using wild cards, still requires exact matches between infection and signature. They can only be used to find known viruses, ones that have been analyzed and categorized. When a totally new virus hits the scene it often passes virus testing by signature scanning, unless it was developed from existing roots, and by chance, shares family traits. To catch unknown or more complex viruses, heuristic scanning techniques are used, and well be studying those techniques in more depth, including polymorphic and metamorphic virus detection, coming soon in Part II.