1) Make a good backup of the hacked system for data archival and forensic analysis.
2) Take the affected system off-line.
3) Check all other systems in your company as they are definitely at high risk.
4) Completely re-format and re-install any and all hacked boxes.
5) Change all passwords everywhere and make sure they are not recycled.
I think you have steps 1 and 2 reversed. Take it offline THEN make the backups etc etc. The infected system's disks should be mounted r/o on another secure system for doing said backups.
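The order described in the reply (system offline, disk attached to a separate analysis host, then backups), sketched as an added example that is not part of either post. It assumes GNU coreutils on the analysis host; the function names `acquire_image` and `verify_image` and the paths in the usage comment are hypothetical.

```bash
#!/usr/bin/env bash
# Added example: hash-verified imaging on the analysis host (GNU coreutils assumed).
# Before imaging, the evidence disk is attached to the analysis host and kept
# read-only, e.g. `blockdev --setro <device>`; the finished image can be browsed
# with `mount -o ro,loop,noexec,nodev,nosuid <image> <mountpoint>`.
set -u

# acquire_image SRC DST: copy SRC to DST, record the source SHA-256 in
# DST.sha256, and fail unless the copy hashes to the same value.
acquire_image() {
    local src=$1 dst=$2 src_hash img_hash
    [ -r "$src" ] || { echo "cannot read $src" >&2; return 2; }
    # Never overwrite an existing evidence file.
    [ -e "$dst" ] && { echo "refusing to overwrite $dst" >&2; return 3; }
    dd if="$src" of="$dst" bs=65536 2>/dev/null || return 4
    src_hash=$(sha256sum < "$src" | cut -d' ' -f1)
    img_hash=$(sha256sum < "$dst" | cut -d' ' -f1)
    if [ "$src_hash" != "$img_hash" ]; then
        echo "hash mismatch: source changed during imaging?" >&2
        return 5
    fi
    printf '%s\n' "$src_hash" > "$dst.sha256"
    # Image and recorded hash are made read-only once written.
    chmod 0444 "$dst" "$dst.sha256"
}

# verify_image IMG: re-hash IMG and compare with the recorded value.
verify_image() {
    local img=$1 recorded current
    [ -r "$img.sha256" ] || { echo "no recorded hash for $img" >&2; return 2; }
    recorded=$(cat "$img.sha256")
    current=$(sha256sum < "$img" | cut -d' ' -f1)
    [ "$recorded" = "$current" ]
}

# Usage: ./acquire.sh /dev/<evidence-disk> /cases/<case-id>/disk.img
if [ "$#" -eq 2 ]; then
    acquire_image "$1" "$2" && verify_image "$2" && echo "image verified: $2"
fi
```

Analysis then runs against the image, and `verify_image` is re-run whenever the image is handed over or reopened.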