At Kaspersky Lab, they have an automated system that handles both the analysis of files and the automatic classification of threats.
The Kapsersky Lab virus collection contains samples of detectable threats grouped by detection names, e.g. Backdoor.Win32.Hupigon.abc.
When a new, undetected sample arrives, they begin by searching this collection for similar samples. The search principle is roughly the same as that used by Google Search. The only difference is that Google Search is word-based, while their searches are based on file features. In the simplest scenario, if the sample has been unpacked successfully, they can extract the strings responsible for the malware functionality and use them in much the same way as keywords are used by a search engine.