Malware Incident Response – Outbreak Scenario

This article applies to Microsoft operating systems on the Intel platform. With the ongoing threat of the Conficker virus, which is still hanging like the sword of Damocles, it becomes very important to know and understand what exactly needs to be done during a possible virus outbreak.

What you will learn…

  • important incident response activities that need to be followed during a virus outbreak in an enterprise infrastructure

What you should know…

  • basics of Windows operating system
  • knowledge of malware identification
  • knowledge of network infrastructure

This article focuses on the incident response activities that we may follow during a virus outbreak in an enterprise infrastructure.


Damage caused by malware is the most prevalent and common threat vector that an organization faces today. The SANS Top 10 Cyber Security Menaces of 2008 also lists the increasing sophistication and effectiveness of botnets as one of the major areas of concern, one that can lead to substantial damage. Worm and virus outbreaks, with their ever-changing dynamics, can have a devastating impact on the cost of operations or the revenue of any company. On top of this ever-present and ever-increasing threat, the sophistication of malware and its potential to cause large-scale damage rings the final death knell. Outbreaks result in major disruption of services, loss of productivity, infrastructure downtime and massive data recovery costs. With new threats coming into existence on a daily basis, it is just a matter of time before the next big virus hits the infrastructure, bringing an unprepared organization to its knees. A virus outbreak can vary in size (how many systems have been infected) and severity (which systems are affected and how fast the infection is propagating). Preventing outbreaks caused by worms and viruses requires an incident response plan to be chalked out. This calls for processes and actions that are incorporated into every corner of the enterprise infrastructure, e.g. desktops and servers (endpoints), routers and switches (network), and firewalls and gateway devices (perimeter). Incident response should be considered one of the major hazard mitigation plans, no less important than the fire safety measures that are usually in place in a standardized enterprise infrastructure.

Incident Response Strategy

As mentioned earlier, preventing outbreaks caused by worms and viruses requires an incident response strategy, because the next big attack may be initiated not only from outside but also from within the organization. Unaware users may download worms and viruses simply by visiting a malicious link, inserting an infected USB removable drive or executing an infected e-mail attachment. An incident response is a set of methodologies for investigating a problem, analyzing its cause, minimizing its impact, resolving the problem and documenting every step of the response for future reference. Let us now take a closer look at the methodologies that may be followed to remediate or minimize the impact during a virus outbreak scenario. Having an appropriate incident response strategy that is ready for implementation during a crisis is as important as having an IT security policy.
