Malware Response Guide
Through Microsoft’s Security newsletter, I learned about a great resource: the Infrastructure Planning and Design (IPD) Guide for Malware Response. It helps with planning the best and most cost-effective response to malicious software for your organization. This free guide provides methodologies for the assessment of malware incidents, walks through the considerations and decisions that are pertinent to timely response and recovery, and describes approaches to investigating outbreaks and cleaning infected systems.
The Malware Response Guide includes the following content:
- Step 1: Confirm the Infection. This step involves taking actions to immediately contain an infection. Information is gathered from the user and about the system to help assess the breadth of the problem.
- Step 2: Determine the Course of Action. This step involves determining the risk to data, performing backups before proceeding with the chosen course of action, if required, and deciding whether to examine the malware’s effects on the system. It also involves deciding whether to clean the malware, restore system state, or rebuild the system.
- Step 3: Attempt to Clean the System. This step involves putting the system cleaning plan into effect and attempting to remove the malware using automated tools such as antimalware products.
- Step 4: Attempt to Restore the System State. This step involves attempting to restore the system state, and evaluating the restored system for the effectiveness of malware removal.
- Step 5: Rebuild the System. This step involves rebuilding the system either from an image or by reinstalling the operating system. It also involves restoring the user settings and data, and evaluating the activities performed for effectiveness.
- Step 6: Conduct Post Attack Review. This step focuses on post-attack items to consider for lessons learned.