Introspection method and apparatus for network access filtering
US-2016191521-A1 · Jun 30, 2016 · US
US2017192810A1 · US · A1
| Field | Value |
|---|---|
| Publication number | US-2017192810-A1 |
| Application number | US-201615045979-A |
| Country | US |
| Kind code | A1 |
| Filing date | Feb 17, 2016 |
| Priority date | Jan 5, 2016 |
| Publication date | Jul 6, 2017 |
| Grant date | — |
Abstract
Described systems and methods enable performing software audits remotely and automatically, on a relatively large number of client systems (e.g., a corporate network, a virtual desktop infrastructure system, etc.) An audit engine executes on each client system, in a hardware virtualization configuration wherein the audit engine executes outside an audited virtual machine. When receiving an audit request from an audit server, some embodiments of the audit engine drop an audit agent into the audited virtual machine, and remove the audit agent upon completion of the audit.
Claims (preview)
What is claimed is:

1. A computer system comprising at least one hardware processor configured to execute a set of guest virtual machines (VM) and to further execute a VM audit engine, the VM audit engine executing outside the set of guest VMs and configured, in response to receiving an audit request from a remote audit server, to: insert an audit agent into a target VM of the set of the guest VMs, the audit agent configured to perform an audit of the target VM, the audit comprising an item selected from a group consisting of generating a list of legitimate computer programs installed for execution on the target VM and determining an amount of a hardware resource, the amount currently used by the target VM; in response to inserting the audit agent, cause the target VM to execute the audit agent; and in response to the target VM executing the audit agent, remove the audit agent from the target VM.
2. The computer system of claim 1, wherein inserting the audit agent comprises: writing a driver loader to a memory of the computer system, the driver loader configured to load an audit driver into the target VM, the audit driver configured to perform the audit; and configuring the target VM to switch, when a computer program executing within the target VM issues a system call, from executing the computer program to executing the driver loader.
3. The computer system of claim 2, wherein inserting the audit agent comprises writing the driver loader to a memory section allocated for a driver of the target VM.
4. The computer system of claim 2, wherein writing the driver loader comprises: intercepting an attempt by an operating system of the target VM to allocate memory for a software object; and in response to intercepting the attempt, changing a memory allocation intended by the attempt so that the allocated memory accommodates both the software object and the driver loader.
5. The computer system of claim 1, wherein the audit further comprises determining a point in time when at least one computer program of the list of legitimate computer programs was installed.
6. The computer system of claim 1, wherein the audit further comprises generating a second list of legitimate computer programs, wherein all members of the second list are currently loaded in a volatile memory of the target VM.
7. The computer system of claim 1, wherein the hardware resource comprises a processing capacity of the at least one hardware processor.
8. The computer system of claim 1, wherein the hardware resource comprises a non-volatile storage device of the computer system.
9. The computer system of claim 1, wherein the VM audit engine is further configured to: detect a type of an operating system currently executing on the target VM; and in response, configure the audit agent according to the type of the operating system.
10. The computer system of claim 1, wherein: the audit request comprises an indicator of the target VM; and the VM audit engine is configured to select the target VM from the set of guest VMs according to the audit request.
11. The computer system of claim 1, wherein the VM audit engine executes within an audit VM distinct from the target VM.
12. A method comprising employing at least one hardware processor of a computer system to execute a virtual machine (VM) audit engine outside a set of guest VMs executing on the computer system, wherein executing the VM audit engine comprises: in response to receiving an audit request from a remote server, inserting an audit agent into a target VM of the set of guest VMs, the audit agent configured to perform an audit of the target VM, the audit comprising an item selected from a group consisting of generating a list of legitimate computer programs installed for execution on the target VM and determining an amount of a hardware resource, the amount currently used by the target VM; in response to inserting the audit agent, causing the target VM to execute the audit agent; and in response to the target VM executing the audit agent, removing the audit agent from the target VM.
13. The method of claim 12, wherein inserting the audit agent comprises: writing a driver loader to a memory of the computer system, the driver loader configured to load an audit driver into the target VM, the audit driver configured to perform the audit; and configuring the target VM to switch, when a computer program executing within the target VM issues a system call, from executing the computer program to executing the driver loader.
14. The method of claim 13, wherein inserting the audit agent comprises writing the driver loader to a memory section allocated for a driver of the target VM.
15. The method of claim 13, wherein writing the driver loader comprises: intercepting an attempt by an operating system of the target VM to allocate memory for a software object; and in response to intercepting the attempt, changing a memory allocation intended by the attempt so that the allocated memory accommodates both the software object and the driver loader.
16. The method of claim 12, wherein the audit further comprises generating a second list of legitimate computer programs, wherein all members of the second list are currently loaded in a volatile memory of the target VM.
17. The method of claim 12, wherein the hardware resource comprises a processing capacity of the at least one hardware processor.
18. The method of claim 12, wherein the hardware resource comprises a non-volatile storage device of the computer system.
19. The method of claim 12, comprising executing the VM audit engine within an audit VM distinct from the target VM.
20. A server computer system comprising at least one hardware processor configured to perform audit transactions with a plurality of client systems, wherein an audit transaction comprises: sending an audit request to a client system of the plurality of client systems; and in response, receiving an audit report from the client system, the audit report determined by a virtual machine (VM) audit engine executing on the client system outside a set of guest VMs executing on the client system, wherein determining the audit report comprises: in response to receiving an audit request from the server computer system, inserting an audit agent into a target VM of the set of guest VMs, the audit agent configured to perform an audit of the target VM, the audit comprising an item selected from a group consisting of generating a list of legitimate computer programs installed for execution on the target VM and determining an amount of a hardware resource, the amount currently used by the target VM; in response to inserting the audit agent, causing the target VM to execute the audit agent; and in response to the target VM executing the audit agent, removing the audit agent from the target VM.
21. A non-transitory computer-readable medium storing instructions which, when executed by at least one hardware processor of a computer system, cause the computer system to form a virtual machine (VM) audit engine, the VM audit engine executing outside a set of guest VMs exposed on the computer system, wherein the VM audit engine is configured, in response to receiving an audit request from a remote audit server, to: insert an audit agent into a target VM of the set of guest VMs, the audit agent configured to perform an audit of the target VM, the audit comprising an item selected from a group consisti
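The audit transaction that the abstract and claims 1 through 20 describe, as an added example that is not code from the patent: an engine outside the guests receives a request naming a target VM (claim 10), configures an agent for the detected guest OS (claim 9), piggybacks a driver loader onto a guest memory allocation (claim 4), diverts the next guest system call into that loader (claim 2), collects the installed/loaded program lists and resource figures (claims 1, 5 to 8), and then removes the agent. The guest model, the region name `driver:example.sys`, the program name `explorer.exe`, the inventory data and the `untouched()` check are all constructed assumptions; the check is the part a practitioner should keep, since an audit agent that is not fully removed is itself a foothold in the guest.

```python
import json
from dataclasses import dataclass, field

LOADER = "<audit-driver-loader>"   # stands in for the injected loader code


@dataclass
class GuestVM:
    """Constructed guest model: the state an out-of-VM engine would read or
    modify, plus a memory map so removal can be verified afterwards."""
    name: str
    os_type: str                      # "windows" or "linux" (assumed labels)
    installed: dict                   # program -> install time (assumed data)
    loaded: set                       # programs currently in guest RAM
    cpu_pct: float                    # hardware resource currently in use
    disk_bytes: int
    memory: dict = field(default_factory=dict)     # region -> content
    requested: dict = field(default_factory=dict)  # what the guest asked for
    syscall_redirect: object = None                 # installed by the engine

    def allocate(self, region, content, hook=None):
        """Guest OS allocates memory for a software object; claim 4 lets the
        engine intercept the attempt and enlarge the allocation."""
        self.requested[region] = content
        self.memory[region] = hook(content) if hook else content

    def issue_syscall(self, program):
        """A guest program issues a system call; with a redirect installed the
        switch goes to the driver loader instead of the kernel (claim 2)."""
        if self.syscall_redirect:
            return self.syscall_redirect(self)
        return None

    def untouched(self):
        """True when every region holds exactly what the guest allocated and
        no syscall redirect remains: the post-audit state to insist on."""
        return (self.syscall_redirect is None
                and all(self.memory[r] == c for r, c in self.requested.items()))


class AuditEngine:
    """Runs outside the guests (hypervisor level in the patent; a plain object
    here) and answers audit requests from the remote server."""

    def __init__(self, guests):
        self.guests = {g.name: g for g in guests}

    def handle_request(self, request):
        target = self.guests[request["target"]]                     # claim 10
        agent = self.build_agent(target.os_type, request["items"])  # claim 9
        region = self.insert(target, agent)
        # Cause the guest to execute the agent: the next syscall from any guest
        # program is diverted into the loader (program name is assumed).
        report = target.issue_syscall("explorer.exe")
        self.remove(target, region)
        if report is None:
            raise RuntimeError("audit agent never ran")
        report["target"] = target.name
        report["clean_removal"] = target.untouched()
        return report

    def insert(self, target, agent):
        region = "driver:example.sys"   # assumed name of a guest driver object
        # Claim 4: intercept the guest's allocation and enlarge it so the
        # region holds both the driver image and the loader (claim 3).
        target.allocate(region, "<driver image>", hook=lambda c: c + LOADER)

        def loader(vm):                 # claim 2: loader runs the audit driver
            vm.syscall_redirect = None  # one shot: restore the normal path
            return agent(vm)
        target.syscall_redirect = loader
        return region

    def remove(self, target, region):
        target.memory[region] = target.memory[region].replace(LOADER, "")
        target.syscall_redirect = None

    @staticmethod
    def build_agent(os_type, items):
        # Claim 9: configure the agent for the detected guest OS; here only the
        # inventory source label differs (assumed values).
        source = {"windows": "registry", "linux": "package database"}[os_type]

        def agent(vm):
            report = {"os_type": os_type, "inventory_source": source}
            if "installed" in items:
                report["installed"] = sorted(vm.installed)       # claim 1
                report["install_times"] = dict(vm.installed)     # claim 5
            if "loaded" in items:
                report["loaded"] = sorted(vm.loaded)             # claim 6
            if "cpu" in items:
                report["cpu_pct"] = vm.cpu_pct                   # claim 7
            if "disk" in items:
                report["disk_bytes"] = vm.disk_bytes             # claim 8
            return report
        return agent


def audit_transaction(engine, target, items):
    """Server side of claim 20: send a request, receive the report."""
    return engine.handle_request({"target": target, "items": items})


def demo():
    # Constructed fleet: two guests of different OS types.
    guests = [
        GuestVM("vdi-01", "windows", {"Office": "2015-11-02", "Chrome": "2016-01-04"},
                {"Chrome"}, 12.5, 40 * 2**30),
        GuestVM("vdi-02", "linux", {"openssl": "2015-12-20"}, set(), 3.0, 8 * 2**30),
    ]
    engine = AuditEngine(guests)
    return audit_transaction(engine, "vdi-01", ["installed", "loaded", "cpu"])


if __name__ == "__main__":
    print(json.dumps(demo(), indent=2))
```

Two caveats the claims leave to the implementer: the loader must be one-shot and the engine must still clear the redirect itself, because a guest that never issues another system call would otherwise keep the hook forever; and the "legitimate programs" lists are read from inside the guest, so anything a rootkit hides from the guest kernel is hidden from this audit too, which is why the engine's own out-of-guest view of memory should be reconciled against the agent's report rather than trusted blindly.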
CPC classification titles:

- for performance assessment
- Configuration details thereof, e.g. installation, enabling, spatial arrangement of the probes
- Performance evaluation by tracing or monitoring
- Monitoring arrangements for monitoring the configuration of the computing system or of the computing system component, e.g. monitoring the presence of processing resources, peripherals, I/O links, software programs (verification or detection of system hardware configuration G06F11/2247)
- Monitoring of software