Title of invention: Centralized storage and management of malware manifests
Abstract: Updating a central repository with information about malware resident upon a computer system. Upon detecting the malware executing in a virtual machine, a software module, without manual instruction, sends malware manifest data to a central repository over a network. The malware manifest data may comprise a copy of the malware and data identifying or comprising a set of files infected by the malware. The central repository may receive, over a network from at least two computer systems, distinct sets of malware manifest data and may subsequently store the sets of malware manifest data.
Publication number: US9203862(B1) Publication date: 2015.12.01
Application number: US201313932465 Filing date: 2013.07.01
Applicant: Bromium, Inc. Inventors: Kashyap Rahul C.;Navaraj J. McEnroe Samuel;Passi Arun
Classification: G06F11/00;G06F12/14;G06F12/16;G08B23/00;H04L29/06;G06F21/55;G06F21/56 Main classification: G06F11/00
Agency: Brokaw Patent Law PC Agent: Brokaw Patent Law PC;Brokaw Christopher J.
Main claim: 1. One or more non-transitory machine-readable storage mediums storing one or more sequences of instructions for updating a central repository with information about malware resident upon a computer system, which when executed by one or more processors, causes: the computer system executing all untrusted processes within virtual machines; the computer system executing a particular untrusted process in a virtual machine; upon detecting the malware executing in said virtual machine, a software module, without manual instruction, sending malware manifest data to a central repository over a network, wherein the malware manifest data comprises a copy of the malware and data identifying or comprising a set of files infected by the malware, wherein the malware manifest data further comprises all versions, including temporary versions, of any files within said virtual machine written to, updated by, or accessed by said malware, wherein the malware manifest data further comprises information identifying a template used to instantiate the virtual machine on said computer system, and wherein the malware manifest data further comprises an image of the virtual machine, wherein the image includes the contents of memory and data persistently stored on disk for the virtual machine.
Address: Cupertino CA US