As an IT administrator, one of the most important and time-consuming tasks is ensuring the security of the network and its users. This can be daunting, especially when dealing with malware that is not detected by antivirus software. With the ever-evolving landscape of cyber threats, it is important to know how to evaluate the threat posed by such unknown malicious software.
The first step in evaluating the threat of unknown malware is to isolate the infected system, so that the malicious software cannot spread to other systems on the network. It is also important to assess the potential damage the malware could cause. This is done by analyzing the malware's code and behavior and looking for indicators of malicious intent.
Once the system has been isolated, take a snapshot of it before making any attempt to remove the malware. This can be done with a forensic imaging tool such as FTK Imager or AccessData FTK. The image preserves a complete copy of the system as it was before cleanup, in case something goes wrong.
The next step is to analyze the malware itself. This can be done by running it in a sandbox environment such as Cuckoo Sandbox, which produces a detailed report of the sample's behavior: files written, registry keys modified, processes started, and network connections made. That behavior gives insight into the malware's intended purpose and the damage it could cause.
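The behavior report from the sandbox step is only useful once someone pulls the actionable indicators out of it. The script below is an added example (not code from the original article and not part of Cuckoo Sandbox) that triages a report into a short list of indicators and a severity rating. The report it reads is a constructed sample whose layout is loosely modelled on a Cuckoo JSON report (`behavior.summary`, `network`, `signatures`); every file path, registry key, host and domain in it is an invented placeholder, and the scoring weights and thresholds are the example's own assumptions, not a standard.

```python
"""Triage a sandbox behavior report into indicators of compromise and a severity rating.

Added example for the sandbox-analysis step. The report layout is a loose
approximation of a Cuckoo Sandbox JSON report; it is not real sandbox output.
"""
import json
import re

# Constructed sample report. Every path, key, host and domain is a placeholder
# (TEST-NET addresses and a .invalid domain), not a real indicator.
SAMPLE_REPORT = json.loads(r"""
{
  "target": {"file": {"name": "invoice.pdf.exe", "sha256": "PLACEHOLDER_SHA256"}},
  "behavior": {
    "summary": {
      "file_written": [
        "C:\\Users\\user\\AppData\\Roaming\\svchost32.exe",
        "C:\\Users\\user\\Documents\\report.docx"
      ],
      "regkey_written": [
        "HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Run\\Updater",
        "HKEY_CURRENT_USER\\Software\\Microsoft\\Office\\16.0\\Word\\Resiliency"
      ]
    }
  },
  "network": {
    "hosts": ["198.51.100.23", "203.0.113.7"],
    "dns": [{"request": "update.example.invalid", "answers": [{"data": "198.51.100.23"}]}]
  },
  "signatures": [
    {"name": "persistence_autorun", "severity": 3}
  ]
}
""")

# Autostart registry locations: a write here is a classic persistence indicator.
RUN_KEY_RE = re.compile(r"\\CurrentVersion\\(Run|RunOnce)\\", re.IGNORECASE)
# Directories a standard user can write to; executables dropped here are worth flagging.
USER_WRITABLE_DIRS = ("\\appdata\\", "\\temp\\", "\\programdata\\")
EXECUTABLE_EXT = (".exe", ".dll", ".scr", ".ps1", ".vbs", ".js", ".bat")


def extract_indicators(report):
    """Return the indicators a responder needs for containment and detection."""
    summary = report.get("behavior", {}).get("summary", {})
    network = report.get("network", {})
    dropped = [
        path for path in summary.get("file_written", [])
        if path.lower().endswith(EXECUTABLE_EXT)
        and any(d in path.lower() for d in USER_WRITABLE_DIRS)
    ]
    persistence = [key for key in summary.get("regkey_written", []) if RUN_KEY_RE.search(key)]
    hosts = sorted(set(network.get("hosts", [])))
    domains = sorted({entry["request"] for entry in network.get("dns", []) if "request" in entry})
    return {
        "dropped_executables": dropped,
        "persistence_keys": persistence,
        "hosts": hosts,
        "domains": domains,
    }


def severity(report):
    """Score the report with assumed weights and map the score to a label.

    Weights: persistence +3, dropped executable +2, any network contact +2,
    plus the highest sandbox signature severity. Thresholds are assumptions.
    """
    ind = extract_indicators(report)
    score, reasons = 0, []
    if ind["persistence_keys"]:
        score += 3
        reasons.append("writes to an autostart registry key")
    if ind["dropped_executables"]:
        score += 2
        reasons.append("drops an executable into a user-writable directory")
    if ind["hosts"] or ind["domains"]:
        score += 2
        reasons.append("contacts external hosts")
    sig_max = max((s.get("severity", 0) for s in report.get("signatures", [])), default=0)
    score += sig_max
    label = "high" if score >= 7 else "medium" if score >= 4 else "low"
    return score, label, reasons


def ioc_lines(report):
    """Flatten the indicators into one line each, ready for a blocklist or a hunt query."""
    ind = extract_indicators(report)
    lines = [f"host: {h}" for h in ind["hosts"]]
    lines += [f"domain: {d}" for d in ind["domains"]]
    lines += [f"file: {p}" for p in ind["dropped_executables"]]
    lines += [f"regkey: {k}" for k in ind["persistence_keys"]]
    return lines


if __name__ == "__main__":
    score, label, reasons = severity(SAMPLE_REPORT)
    print(f"{SAMPLE_REPORT['target']['file']['name']}: {label} ({score})")
    for reason in reasons:
        print(f"  - {reason}")
    print("\n".join(ioc_lines(SAMPLE_REPORT)))
```

The indicator list is what feeds the later steps: the hosts and domains go to the firewall or proxy blocklist, the dropped paths and registry keys become the checklist for verifying that removal actually succeeded, and the same paths and keys can be searched for across other systems to find infections that have not been isolated yet.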
Once the malware has been analyzed, take steps to remove it from the system. This can be done in several ways, such as running a specialized anti-malware program or cleaning the system manually. Note that some malicious software requires more advanced methods to remove completely.
Finally, it is important to review the security measures that were in place prior to the infection. This will help to identify any vulnerabilities that may have allowed the malware to be installed on the system in the first place. Once the vulnerabilities have been identified, they can be addressed to prevent similar infections in the future.
In conclusion, evaluating the threat of unknown malware can be a difficult and time-consuming task. However, by isolating the system and taking the time to analyze the malicious code, it is possible to minimize the damage the malware causes. Additionally, by identifying and addressing the vulnerabilities that allowed the malware onto the system, it is possible to help prevent future infections.