IT Security: NIST Guide to Malware Incident Prevention and Handling

/Home/Internet Security: Articles/Internet Security: IT Security/IT Security: Whitepapers

Recommendations of the National Institute of Standards and Technology

Peter Mell
Karen Kent
Joseph Nusbaum

Executive Summary

Malware, also known as malicious code and malicious software, refers to a program that is inserted into a system, usually covertly, with the intent of compromising the confidentiality, integrity, or availability of the victim’s data, applications, or operating system or otherwise annoying or disrupting the victim. Malware has become the most significant external threat to most systems, causing widespread damage and disruption, and necessitating extensive recovery efforts within most organizations. Spyware—malware intended to violate a user’s privacy—has also become a major concern to organizations. Although privacy-violating malware has been in use for many years, it has become much more widespread recently, with spyware invading many systems to monitor personal activities and conduct financial fraud.

Organizations also face similar threats from a few forms of non-malware threats that are often associated with malware. One of these forms that has become commonplace is phishing, which is using deceptive computer-based means to trick individuals into disclosing sensitive information. Another common form is virus hoaxes, which are false warnings of new malware threats.

This publication provides recommendations for improving an organizationÂ’s malware incident prevention measures. It also gives extensive recommendations for enhancing an organizationÂ’s existing incident response capability so that it is better prepared to handle malware incidents, particularly widespread ones. The recommendations address several major forms of malware, including viruses, worms, Trojan horses, malicious mobile code, blended attacks, spyware tracking cookies, and attacker tools such as backdoors and rootkits. The recommendations encompass various transmission mechanisms, including network services (e.g., e-mail, Web browsing, file sharing) and removable media.

Click the URL above to read the full whitepaper