none

To accurately track computer viruses, an overlay network that monitors the activities of viruses is constructed. Identifying and locating nodes infected by virus on network is achieved by a naming system in which a node in the network is mapped to a unique serial number of the hard drive. By carefully monitoring and recording sensitive communication between local system and remote nodes on the network, and suspicious operations on files that originate from remote nodes and entered via some form of file transfer, activities of viruses in both local and network level are recorded and ready for future analysis. These data can also be used in analysis of the mechanism of a computer virus as well as its spreading mode and pattern.