First, select the malware you want to identify. Historically, viruses have been identified based on "fingerprints" or sequences of instructions/byte code contained within predictable parts of files.
Worms have been associated with certain connect strings, or network activity and service request.
Trojans are more difficult to identify while they are not running. "Trojan-like" activity is sometimes considered.

Using just a hex editor to identify malware? Not so easy. You may be able to search for specific strings, but forensic analysis and examination of potentially bad code often includes a "decompiler" and/or disassmbler to translate to mnemonics or asm-like code.

Do you want to know something about how it is done? You write you are a programmer? There is an open soure project for detecting Viruses etc, which is called clamav. Being openSource, you can see what methds they uise in more detail than provided here.

Many more techniques are used beyond the ones mentioned here. :-)

for incoming (live on network) tcpDump or bpf. For existing virus on machines vi.