Detecting And Recovering From A Virus Incident
by John Stone
Posted 8/01/2003; Published 3/2003 and 4/2003


Abstract (Part 1):


When it comes to new viruses and malicious code, enterprise IT shops and antivirus software providers can only react to the latest threat, not preempt it. Short of dismantling IP networks, there is no way to totally protect IP endpoints from the next email or Web-based virus.


That's discouraging, but it doesn't mean enterprise IT shops are powerless. In fact, experience demonstrates that specific and effective steps can be taken, even if you lack the latest tools or infrastructure. This article will explain how to detect a virus and, if you discover that you are infected, what immediate response and stopgap measures you should take.


Abstract (Part 2):


Cleaning up after a severe virus infestation can take weeks in a large enterprise IP network. Unfortunately, no matter how thorough the cleanup, it won't prevent a subsequent infection from the next new virus. But don't let this discourage you from thoroughly investigating the current virus attack, or from making policy and procedure changes so that you can respond more effectively next time.


Even if you can't afford to staff a full-blown security command center, it's worth considering ways your staff might reduce response time, better coordinate information flows, direct containment activities, perform virus research, receive instructions from antivirus vendors and interface with business units and upper management. In fact, good communication is probably the key to effective cleanup, investigation and security improvement efforts.


Viruses and malicious code are the frustrating but unavoidable offspring of today's open and flexible IP networks. Because each virus event differs from the last, there is no magic bullet or complete defense. But with proactive planning, vigilant enforcement and appropriate technological solutions, you can deal effectively with each event.


About the author:

John Stone is a principal security consultant for Symantec Security Services specializing in protecting network environments from the effects of malicious code.


This article is reproduced by special arrangement with our partner, Business Communications Review.
