Techniques for identifying computer virus variant
Abstract:
A method and apparatus for identifying computer virus variants are disclosed to improve the accuracy of virus identification and removal, and may relate to the field of internet technology. The method includes running a virus sample to be tested and recording the API call sequence produced while the virus sample runs. The method further includes obtaining a characteristic API call sequence for each one of a plurality of virus families, matching the API call sequence produced during running of the virus sample to be tested with the characteristic API call sequences of the virus families, and obtaining a matching result. The method also includes determining that the virus sample to be tested is a virus variant according to the extent of the match between the API call sequence produced by the virus sample and any characteristic API call sequence of any one of the virus families.
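The matching step described in the abstract can be sketched as follows. This is an added example, not code from the patent: the abstract does not say how the extent of a match is measured, so the longest-common-subsequence ratio and the 0.8 threshold are assumptions, and the family names and API traces are constructed sample data.

```python
# Added illustration: the similarity measure, threshold, family names and
# traces below are assumptions / constructed data, not taken from the patent.

def lcs_length(a, b):
    """Length of the longest common subsequence of two API-name lists."""
    prev = [0] * (len(b) + 1)
    for x in a:
        cur = [0]
        for j, y in enumerate(b, 1):
            cur.append(prev[j - 1] + 1 if x == y else max(prev[j], cur[j - 1]))
        prev = cur
    return prev[-1]

def match_extent(trace, characteristic):
    """Fraction of a family's characteristic sequence found, in order, in the trace."""
    if not characteristic:
        return 0.0
    return lcs_length(trace, characteristic) / len(characteristic)

def classify(trace, families, threshold=0.8):
    """Return (family, extent) for the best match at or above threshold, else (None, best)."""
    best_name, best = None, 0.0
    for name, characteristic in families.items():
        extent = match_extent(trace, characteristic)
        if extent > best:
            best_name, best = name, extent
    return (best_name, best) if best >= threshold else (None, best)

# Constructed characteristic sequences for two hypothetical families.
FAMILIES = {
    "FamilyA": ["OpenProcess", "VirtualAllocEx", "WriteProcessMemory",
                "CreateRemoteThread", "CloseHandle"],
    "FamilyB": ["CreateFileW", "WriteFile", "RegCreateKeyExW",
                "RegSetValueExW", "CreateProcessW"],
}

# Constructed trace: FamilyA's calls with unrelated calls interleaved.
VARIANT_TRACE = ["GetTickCount", "OpenProcess", "Sleep", "VirtualAllocEx",
                 "WriteProcessMemory", "GetLastError", "CreateRemoteThread",
                 "CloseHandle"]
# Constructed trace that shares only isolated calls with either family.
UNRELATED_TRACE = ["CreateFileW", "ReadFile", "CloseHandle", "GetTickCount"]

if __name__ == "__main__":
    print(classify(VARIANT_TRACE, FAMILIES))
    print(classify(UNRELATED_TRACE, FAMILIES))
```

Because the comparison is on ordered subsequences, a sample that pads its behaviour with extra calls still matches, while one that merely shares a few API names in a different order does not.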