Security Basics mailing list archives
Re: Re(2): Possible new virus?
From: Wirefire Systems Administrator <sysadmin () wirefire com>
Date: Fri, 12 Sep 2003 08:42:11 -0400
Occam, I have also admitted that it is possible that the errors were caused by a hardware fault, however, as I stated in all my emails, I have been unable to actually troubleshoot -in person- the machines. The technician that I was on the phone with described the symptoms, described that he had replaced the fan in the machine he had on hand, inspected the fan, and found it to be operating properly. The machine was still displaying the error and emitting the tone from the PC speaker after this, which led me to suspect something other than a hardware error. I had the technician read me the error which appeared on the screen word for word. I then went to the most obvious source I could think of: google. I typed in the phrase exactly as it appeared on the screen to the technician, and google returned 0 (zero) search results. If google doesn't have a single entry with a certain phrase, then that is suspicious. Even if it were a hardware error, someone, somewhere, would have had a fan die, and would have typed in the error to some list requesting information on it. Since it didn't exist in the Google database, and I was becoming suspicious, I posted a question to this list. This is a security basics mailing list, and as far as I can tell, it is meant to facilitate the asking of questions. I'm not anywhere near a security expert, and I'm apparently not of the calibre troubleshooter that you are, but I merely ask for a bit of leeway in this subject, as I was unable to ascertain the problem. If this is a hardware problem, then I am sorry to have wasted your bandwidth on this issue, but if it's not, even if it's not malicious code, and it is a bug of some kind, then it's at least a little bit interesting, imho. --Matt On Thursday 11 September 2003 05:29 pm, Occams Razor wrote:
There certainly is a remote possibility that these 3 machines have been infected by some mysterious virus the purpose of which is to convince the user that their fan is malfuctioning. It is much, much, much, more likely that indeed something in the environment is causing the fan to malfunction. If someone passes me in the hall and tells me that my shoe is on fire, my first reaction would be to check and see if my shoe is indeed on fire. I would not run back to my cube and send a message all around the world asking if anyone has heard of a social engineering hack where the attacker tells the victim their shoe is on fire BEFORE checking to see if my shoe is on fire. Likewise, if my computer told me that, "cpu cooling fan is malfunctioning," the very FIRST thing I would do is check if indeed the cpu cooling fan is malfunctioning. Has the skill set of the average "Assistant Network Administrator" really degraded to the point that we must accept as normal the posting to a worldwide mailling list with tens of thousands of readers as the FIRST troubleshooting step? Yours, Occam
-- ------------------- Matt Simmons Assistant Network Administrator 304.580.8080x5007 Fibernet LLC --------------------------------------------------------------------------- Captus Networks Are you prepared for the next Sobig & Blaster? - Instantly Stop DoS/DDoS Attacks, Worms & Port Scans - Precisely Define and Implement Network Security - Automatically Control P2P, IM and Spam Traffic FIND OUT NOW - FREE Vulnerability Assessment Toolkit http://www.captusnetworks.com/ads/42.htm ----------------------------------------------------------------------------
Current thread:
- Re(2): Possible new virus? Lee Rich (Sep 11)
- <Possible follow-ups>
- Re: Re(2): Possible new virus? Chris Berry (Sep 11)
- System Logging on Windows Hussein Ghazy (Sep 15)
- Re: System Logging on Windows Brian - IC Support Desk (Sep 15)
- Message not available
- Re: System Logging on Windows Phillip McCollum (Sep 16)
- Re: System Logging on Windows Doug Massey (Sep 16)
- System Logging on Windows Hussein Ghazy (Sep 15)
- Re: Re(2): Possible new virus? Sebastian Schneider (Sep 11)
- Re: Re(2): Possible new virus? Wirefire Systems Administrator (Sep 12)
- Re: Re(2): Possible new virus? Wirefire Systems Administrator (Sep 12)