Security Basics mailing list archives

Re: Re(2): Possible new virus?


From: Wirefire Systems Administrator <sysadmin () wirefire com>
Date: Fri, 12 Sep 2003 08:42:11 -0400

Occam, 
        I have also admitted that it is possible that the errors were caused by a 
hardware fault; however, as I stated in all my emails, I have been unable to 
actually troubleshoot -in person- the machines. The technician that I was on 
the phone with described the symptoms, described that he had replaced the fan 
in the machine he had on hand, inspected the fan, and found it to be 
operating properly. The machine was still displaying the error and emitting 
the tone from the PC speaker after this, which led me to suspect something 
other than a hardware error. I had the technician read me the error which 
appeared on the screen word for word. I then went to the most obvious source 
I could think of: Google. I typed in the phrase exactly as it appeared on the 
screen to the technician, and Google returned 0 (zero) search results. If 
Google doesn't have a single entry with a certain phrase, then that is 
suspicious. Even if it were a hardware error, someone, somewhere, would have 
had a fan die, and would have typed in the error to some list requesting 
information on it. Since it didn't exist in the Google database, and I was 
becoming suspicious, I posted a question to this list. This is a security 
basics mailing list, and as far as I can tell, it is meant to facilitate the 
asking of questions. I'm not anywhere near a security expert, and I'm 
apparently not of the calibre troubleshooter that you are, but I merely ask 
for a bit of leeway in this subject, as I was unable to ascertain the 
problem. If this is a hardware problem, then I am sorry to have wasted your 
bandwidth on this issue, but if it's not, even if it's not malicious code, 
and it is a bug of some kind, then it's at least a little bit interesting, 
imho. 

--Matt

On Thursday 11 September 2003 05:29 pm, Occams Razor wrote:
There certainly is a remote possibility that these 3
machines have been infected by some mysterious virus
the purpose of which is to convince the user that
their fan is malfunctioning.  It is much, much, much,
more likely that indeed something in the environment
is causing the fan to malfunction.

If someone passes me in the hall and tells me that my
shoe is on fire, my first reaction would be to check
and see if my shoe is indeed on fire.  I would not run
back to my cube and send a message all around the
world asking if anyone has heard of a social
engineering hack where the attacker tells the victim
their shoe is on fire BEFORE checking to see if my
shoe is on fire.

Likewise, if my computer told me that, "cpu cooling
fan is malfunctioning," the very FIRST thing I would
do is check if indeed the cpu cooling fan is
malfunctioning.

Has the skill set of the average "Assistant Network
Administrator" really degraded to the point that we
must accept as normal the posting to a worldwide
mailing list with tens of thousands of readers as the
FIRST troubleshooting step?

Yours,
Occam

-- 
-------------------
Matt Simmons
Assistant Network Administrator
304.580.8080x5007
Fibernet LLC

