Malware, such as computer viruses, worms and Trojan horses, is a serious threat to both business and personal computing. Various software vendors provide anti-malware products, which can detect, block and/or remove malware on a user's computer. Anti-malware products use various techniques to protect users from malware, such as, but not limited to, intrusion prevention, web browser defense, signature based detection, heuristic based detection and behavior based detection. When an anti-malware product detects a specific instantiation of malware, the anti-malware product can make a copy of the detected malware and analyze it, to learn more about both how it works and how to identify and disarm similar threats in the future. Additionally, users sometimes proactively submit suspect files to anti-malware vendors (e.g., over the Internet) to have them checked for malware.
Some binary files present on some computers comprise malware that cannot be detected by an anti-malware product. This can be the case, for example, where the specific instantiation of the malware, or the manner in which the malware is encoded in the binary file, is not yet known to the computer security industry. It would be desirable to further analyze such binary files, in order to detect, learn more about and protect users against new malware. However, analyzing all binary files that an anti malware product does not detect as comprising malware is simply not practicable. Some commercial anti-malware products have very large foot prints in the security market. These products can be installed on so many computers that limited hardware resources prevent the analysis of all binary files located thereon. In any case, most binary files located on most such computers do not comprise malware. However, by not analyzing binary files that an anti-malware product does not detect as comprising malware, important new malware could be overlooked. It would be desirable to address these issues.