Track and Remove a Botnet Attack

Scenario: An intern named James found a USB drive on the ground on his way into work, and he wants to find the owner. He plugs the USB drive into his workstation computer and the drive appears to be empty. He sees the command prompt flash open and close. Unknowingly, he has just released a worm or botnet into the network. He informs you (the CIO) that he believes he has unleashed a worm.

Task: How would you track and remove the worm from the network?

Areas to consider:

Which ports or port types will have unusual activity?
