Containing An Outbreak
In Security Response, our primary objective is to provide virus definitions and firewall signatures to protect our customers from threats in the wild. On the flip side of the coin is Symantec’s Support organization, where we help customers install and configure their security software and, in cases where the worst has happened, help remove threats from a computer or network.
Symantec’s Support organization often receives requests to provide threat outbreak information. In some cases the request is for content aimed at management, detailing what their security teams have to do during an outbreak, which managers could use to explain the situation at, say, the next board meeting. In other cases the requests come from small business folks who are not necessarily IT or Security managers, but may be the office “computer guy/girl” put in charge of cleaning up an outbreak.
It can be difficult to comprehend what’s happening when a computer is infected. In a networked environment, where threats like worms are at their most potent, the difficulty of eradicating the threat increases with the size of the network. Even more seasoned users are sometimes unsure how to proceed with a removal or how to assure themselves that the threat is indeed gone. The good news is there are some universal steps that can be taken, which we’ve learned from our experiences of both investigating threats and helping customers remove them.
So we put our heads together, reviewed the material available both internally and externally, and wrote a new paper covering this topic. Containing An Outbreak is a high-level explanation of how to approach a threat that’s running rampant on your network, providing a step-by-step process for cutting it off and then removing it. We also follow up with an extensive list of things you can do to prevent another threat from wreaking havoc in the future.
The purpose of this paper isn’t to provide any new insight for the technically savvy folks out there. Rather, it’s geared towards the rest of us—those who may not work in IT directly, but still need an understanding of how to approach an outbreak.
Threat removal is never an enjoyable task. We hope that this paper at least helps ease the burden.