US Patent 9892261 Computer imposed countermeasures driven by malware lineage

A system to identify and counter computer malware. The system comprises a processor, a memory, a data store comprising information about known computer malware, wherein the information about known computer malware is partitioned into a plurality of malware families, and comprising a plurality of mappings, wherein each mapping associates one malware family with at least one countermeasure for mitigating a risk to an information technology asset posed by the known computer malware associated with the malware family, and an application stored in the memory. The application analyzes a software artifact, determines characteristics of the software artifact, and determines a plurality of metrics, each metric representing a degree of match between the software artifact and one of the plurality of malware families. Based on the plurality of metrics, the application further determines a malware family that best matches the software artifact.