PaulDotCom mailing list archives

Incident Response


From: Craig Freyman <craigfreyman () gmail com>
Date: Wed, 30 Jun 2010 10:05:29 -0600

I have a rookie question about incident response.

When the AV flags a virus, what steps should you take to handle the
situation?

I would assume the following would be important to figure out:

   - What the bug is and how it works
   - If any other malware has been planted
   - What the bug actually did to the system, did it steal anything or log
   anything?
   - ??

Looking forward to your responses......

-Craig