Centralized storage and management of malware manifests
Abstract
Updating a central repository with information about malware resident upon a computer system. Upon detecting the malware executing in a virtual machine, a software module, without manual instruction, sends malware manifest data to a central repository over a network. The malware manifest data may comprise a copy of the malware and data identifying or comprising a set of files infected by the malware. The central repository may receive, over a network from at least two computer systems, distinct sets of malware manifest data and may subsequently store the sets of malware manifest data.
18 Claims
1. One or more non-transitory machine-readable storage mediums storing one or more sequences of instructions for updating a central repository with information about malware resident upon a computer system, which when executed by one or more processors, causes:
- the computer system executing all untrusted processes within virtual machines;
- the computer system executing a particular untrusted process in a virtual machine;
- upon detecting the malware executing in said virtual machine, a software module, without manual instruction, sending malware manifest data to a central repository over a network,
  wherein the malware manifest data comprises a copy of the malware and data identifying or comprising a set of files infected by the malware,
  wherein the malware manifest data further comprises all versions, including temporary versions, of any files within said virtual machine written to, updated by, or accessed by said malware,
  wherein the malware manifest data further comprises information identifying a template used to instantiate the virtual machine on said computer system, and
  wherein the malware manifest data further comprises an image of the virtual machine, wherein the image includes the contents of memory and data persistently stored on disk for the virtual machine.
Dependent claims: 2, 3, 4, 5, 6, 7, 8
9. One or more non-transitory machine-readable storage mediums storing one or more sequences of instructions for maintaining a central repository that stores information about malware executing on one or more of a plurality of computer systems, which when executed by one or more processors, causes:
- receiving, over a network from at least two computer systems, distinct sets of malware manifest data which each indicate that malware has been detected on a virtual machine executing on a computer system from which the malware manifest data was sent,
  wherein the malware manifest data comprises a copy of the malware and data identifying or comprising a set of files infected by the malware,
  wherein the malware manifest data further comprises all versions, including temporary versions, of any files within said virtual machine written to, updated by, or accessed by said malware,
  wherein the malware manifest data further comprises information identifying a template used to instantiate the virtual machine on said computer system, and
  wherein the malware manifest data further comprises an image of the virtual machine, wherein the image includes the contents of memory and data persistently stored on disk for the virtual machine; and
- storing the malware manifest data in the central repository.
Dependent claims: 10, 11, 12, 13, 14
15. An apparatus for updating a central repository with information about malware resident upon a computer system, comprising:
- one or more processors; and
- one or more computer-readable medium storing one or more sequences of instructions, which when executed by the one or more processors, cause:
- the computer system executing all untrusted processes within virtual machines;
- the computer system executing a particular untrusted process in a virtual machine;
- upon detecting the malware executing in said virtual machine, a software module, without manual instruction, sending malware manifest data to a central repository over a network,
  wherein the malware manifest data comprises a copy of the malware and data identifying or comprising a set of files infected by the malware,
  wherein the malware manifest data further comprises all versions, including temporary versions, of any files within said virtual machine written to, updated by, or accessed by said malware,
  wherein the malware manifest data further comprises information identifying a template used to instantiate the virtual machine on said computer system, and
  wherein the malware manifest data further comprises an image of the virtual machine, wherein the image includes the contents of memory and data persistently stored on disk for the virtual machine.
Dependent claims: 16
17. An apparatus for updating a central repository with information about malware resident upon a computer system, comprising:
- one or more processors; and
- one or more computer-readable medium storing one or more sequences of instructions, which when executed by the one or more processors, cause:
- receiving, over a network from at least two computer systems, distinct sets of malware manifest data which each indicate that malware has been detected on a virtual machine executing on a computer system from which the malware manifest data was sent,
  wherein the malware manifest data comprises a copy of the malware and data identifying or comprising a set of files infected by the malware,
  wherein the malware manifest data further comprises all versions, including temporary versions, of any files within said virtual machine written to, updated by, or accessed by said malware,
  wherein the malware manifest data further comprises information identifying a template used to instantiate the virtual machine on said computer system, and
  wherein the malware manifest data further comprises an image of the virtual machine, wherein the image includes the contents of memory and data persistently stored on disk for the virtual machine; and
- storing the malware manifest data in the central repository.
Dependent claims: 18
Specification