Malware Responses: What To Do Before, During, And After An Attack

Mirrored By DuggMirror (?) at 17:54:22 EDT Aug 6, 2007

Original URL: http://www.informationweek.com/story/showArticle.jhtml?articleID=190300163&cid=RSSfeed_IWK_All

Don't let a malware attack ruin your business. A little planning and the right responses can make it a minor annoyance instead of a major catastrophe.




Editor's Note: This story is available as a free download in PDF format -- print it out and post it somewhere prominent.

Preparing For Attacks

• Always use licensed software, and keep all software on every system up to date with the latest critical patches.

• Scan all systems regularly to ensure they are virus-, Trojan-, and spyware-free. Make sure your security software protects all network entry and exit points and that it's updated with the most recent signature files.

• Back up all systems on a regular schedule (weekly is good; daily is better).

• Subscribe to security vendors' e-bulletins so you'll be aware of current vulnerabilities, patches, and exploits.



• Set up a response team that includes a member of management as well as technically competent people who are knowledgeable on malware and security matters. This team must be available 24x7.

• Set up a telephone list of people to contact if a problem occurs. Expect that a problem will occur at the worst possible time, such as at midnight on New Year's Eve.

• Make sure that all appropriate personnel have a hard copy of all pertinent contacts. Presume that the malware attack will take out all access to your electronic data.

• Have temporary backup/replacement systems (these should be clones of your most sophisticated systems, with large hard disks and sufficient memory) in case you need them; be able to restore your systems from those backups, if required. You need to have enough clean systems to be able to use them to clean up the dirty systems one at a time. Copy the whole hard disk, and make sure you're working with full system disk images -- boot images too!

• Restoring systems will involve restoring data from firewalls. Know pertinent port numbers and so forth. This, too, should be available in hard copy.

• Most attacks are introduced unknowingly by insiders. Educate, educate, educate your users.

Recognizing An Attack

• Pay attention to the most common warning signals (all of which will be unexpected and unexplainable):

  • System slowdown
  • High network activity
  • Sudden file/disk activity
  • Gateway system slowdown
  • Remote sites suddenly not available (though it's possible that those sites and not your system are under attack)
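
One way to watch for the first three signals above is to compare recent measurements against a known-quiet baseline and flag only sustained departures. This is an added example, not part of the original article; the metric names, sample values, threshold, and window length are constructed assumptions, and a flagged metric still needs a person to decide whether the change is unexplained.

```python
from statistics import median

# Constructed one-per-minute samples; metric names are hypothetical.
BASELINE = {
    "cpu_load":  [0.8, 1.1, 0.9, 1.0, 1.2, 0.9, 1.0, 1.1],
    "net_kbps":  [420, 390, 450, 410, 430, 400, 440, 415],
    "disk_iops": [55, 60, 52, 58, 61, 57, 54, 59],
}
RECENT = {
    "cpu_load":  [1.0, 1.1, 4.8, 5.2, 5.0],       # sustained slowdown
    "net_kbps":  [430, 2900, 3100, 3300, 3050],   # high network activity
    "disk_iops": [56, 58, 240, 57, 60],           # one isolated spike
}

def robust_z(value, history):
    """Deviation of value from the baseline median, in scaled MAD units."""
    med = median(history)
    mad = median(abs(x - med) for x in history)
    # A perfectly flat baseline has MAD 0; fall back to 5% of the median
    # so the division is defined and a real change still stands out.
    scale = 1.4826 * mad if mad > 0 else max(abs(med) * 0.05, 1e-9)
    return (value - med) / scale

def warning_signals(baseline, recent, threshold=6.0, sustained=3):
    """Return {metric: peak score} for metrics that stay above the
    threshold for at least `sustained` consecutive samples."""
    flagged = {}
    for metric, samples in recent.items():
        scores = [robust_z(v, baseline[metric]) for v in samples]
        run = longest = 0
        for z in scores:
            run = run + 1 if z > threshold else 0
            longest = max(longest, run)
        if longest >= sustained:
            flagged[metric] = round(max(scores), 1)
    return flagged

if __name__ == "__main__":
    for metric, peak in warning_signals(BASELINE, RECENT).items():
        print(f"{metric}: sustained deviation, peak robust z = {peak}")
```

Using the median and MAD keeps one earlier outlier in the baseline from hiding a later change, and the consecutive-sample requirement keeps a single busy minute from paging the response team.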
