The primary step in containing a malware incident is to isolate the infected machine to prevent the malware from spreading to other systems. This can be done by disconnecting it from the network and turning it off. This action helps to contain the incident and allows for a proper investigation without the risk of further infection or data loss.

References: The EC-Council’s Certified SOC Analyst (CSA) program emphasizes the importance of quick response to security incidents, including malware infections. The training includes understanding security threats, attacks, vulnerabilities, and the appropriate responses to such incidents. The CSA program also covers the procedures for incident response, which includes the containment strategies for incidents like malware outbreaks123.