Attacks by malicious software, or malware in computer systems cost the global business community more than 11 billion dollars annually despite ongoing efforts in anti-malware technology. Malware includes computer viruses, worms, Trojan horses and also spyware, programming that gathers information about a computer without user permission. A large percentage of these losses is attributable to lost data. Once a malware outbreak corrupts a system, entire volumes of data must be rolled back to a point in time prior to the original malware outbreak. The more time that passes before a malware attack is detected, the greater the loss of data and the greater the costs associated with restoring the data. Typically, entire volumes of data must be restored from backups that were created days or weeks earlier. The retrieval and restoration of volumes of data may be due to delays in detecting the malware, the type of malware attack or the infrequency in making data backups. When malware instances penetrate an organization's defenses, the attacks may be gradual, progressive and sustained, and therefore difficult to detect. Malware often corrupts files in ways that can elude malware scanners, such as modifying them without inserting a copy of themselves or inserting morphed instances of themselves. Forensic analysis is complicated by the fact that programs infected by the original malware might corrupt new files before the attack is detected.
Even if frequent backups are made, only those backups made before the original attack are typically considered safe for recovery purposes. Such backups of entire volumes of files and data that precede the original attack, could be weeks old. The time and costs associated with restoring entire volumes using backups created days or weeks earlier, could be staggering.
It would therefore be desirable to quickly identify a malware attack, locate every file that was damaged in the attack and restore the corrupted file to an uncorrupted version by providing frequent data backups that are quickly recoverable as soon a malware attack is detected.