Computer imposed countermeasures driven by malware lineage

What is claimed is: 1. A method of mitigating risk of a cyberattack on an information technology asset, comprising: determining, by a computer system, a value of a plurality of characteristics of a malware software item, where the characteristics comprise at least two of a file path associated with the malware software item, a file name associated with the malware software item, a name of an author associated with the malware software item, an identity of a compiler used to compile the malware software item, a domain name associated with the malware software item, an internet protocol address associated with the malware software item, an email address associated with the software item, and an identity of a programming language used to create the malware software item; determining, by the computer system, at least one hash of the malware software item; comparing the malware software item, by the computer system, to a plurality of malware families, wherein the comparing comprises at least one of comparing each of the characteristics of the malware software item to a corresponding characteristic of each of the malware families and comparing the at least one hash of the malware software item to each corresponding hash associated with each of the malware families; based on comparing the malware software item to the malware families, associating the malware software item to one of the malware families; selecting, by the computer system, a countermeasure based on the malware family to which the malware software item is associated; and causing the countermeasure to execute to mitigate vulnerability of the information technology asset to the malware software item. 2. The method of claim 1 , wherein causing the countermeasure to execute to mitigate vulnerability of the information technology asset comprises moving the malware software item to a quarantine area of memory of the information technology asset. 3. The method of claim 1 , wherein causing the countermeasure to execute to mitigate vulnerability of the information technology asset comprises reducing the frequency of execution of the malware software item. 4. The method of claim 1 , wherein causing the countermeasure to execute to mitigate vulnerability of the information technology asset comprises blocking receiving data packets received from a source internet protocol address that is identified as a characteristic of the malware family to which the malware software is associated. 5. The method of claim 1 , wherein causing the countermeasure to execute to mitigate vulnerability of the information technology asset comprises blocking transmission of data packets to a destination internet protocol address that is identified as a characteristic of the malware family to which the malware software is associated. 6. The method of claim 1 , wherein causing the countermeasure to execute to mitigate vulnerability of the information technology asset comprises blocking reception of emails from an email address that is identified as a characteristic of the malware family to which the malware software is associated. 7. The method of claim 1 , wherein the information technology asset is one of an application server, a web server, a database, a data store, a domain name system (DNS) server, a router, or a content server. 8. The method of claim 1 , wherein the computer system determines a plurality of hashes of the malware item, and wherein each of the plurality of hashes corresponds to separate blocks of the malware software item. 9. The method of claim 1 , wherein the comparing comprises comparing each of the characteristics of the malware software item to a corresponding characteristic of each of the malware families and comparing the at least one hash of the malware software item to each corresponding hash associated with each of the malware families. 10. A system to identify and counter computer malware, comprising: a processor; a memory; a first data store comprising information about known computer malware, wherein the information about each known computer malware is associated with a malware family of a plurality of malware families, and comprising a plurality of mappings, wherein each mapping associates at least one malware family with at least one countermeasure for mitigating a risk to an information technology asset posed by the known computer malware associated with the at least one malware family; a second data store comprising historical information about at least one of known malware attacks, cybercrimes, espionage, hack attacks, hacktivism; and an application stored in the memory that, when executed by the processor analyzes a software artifact identified to be present in an information technology asset, based on the analysis of the software artifact determines a plurality of characteristics of the software artifact, determines a plurality of metrics, each metric representing a degree of match between the software artifact and one of the plurality of malware families based on the characteristics of the software artifact and on the characteristics of each of the plurality of malware families stored in the first data store, based on the plurality of metrics and based on historical information, determines a malware family that best matches the software artifact, responsive to the metric associated with the best match malware family exceeding a pre-defined threshold, determines the software artifact to be computer malware, responsive to determining the software artifact to be computer malware, selects at least one countermeasure based on the malware family that best matches the software artifact, and causes the at least one countermeasure to be activated on the information technology asset. 11. The system of claim 10 , wherein the characteristics of the software artifact comprise at least one of an internet protocol address associated with the software artifact, a domain name associated with the software artifact, a uniform resource locator associated with the software artifact, malware creation information, data directory name, a registry key, an identity of a communication protocol, a function signature, a header section, a code section, a data segment section, a stack segment section, a heap segment section, a disassembly code for binaries, a language used in plaintext embedded in the software artifact, a content string, a geographic location where the software artifact was found, and information technology asset configurations. 12. The system of claim 10 , wherein the countermeasure is one of blocking communication relative to an internet protocol address embedded in the software artifact, blocking communication relative to a domain name embedded in the software artifact, moving the software artifact to a quarantined area of memory of the information technology asset, and blocking communication from an email address embedded in the software artifact. 13. A method of mitigating vulnerability of an information technology asset to a computer malware, comprising: determining, by a computer system, a value associated with each of a plurality of characteristics of a software artifact; comparing, by the computer system, the characteristics of the software artifact to the characteristics of a plurality of families of known computer malware; associating the software artifact, by the computer system, to one of the plurality of families of known computer malware based on comparing the software artifact to the families of known computer malware; selecting a countermeasure, by the computer system, from among a plurality of countermeasures based on the family of known computer malware that the software artifac