Re: Re(2): Possible new virus?

From: Wirefire Systems Administrator (sysadmin_at_wirefire.com)
Date: 09/12/03

  • Next message: Wirefire Systems Administrator: "Re: Re(2): Possible new virus?" 
    To: Occams Razor <occamsraser@yahoo.com>, security-basics@securityfocus.com
Date: Fri, 12 Sep 2003 08:42:11 -0400

    Occam,
            I have also admitted that it is possible that the errors were caused by a
    hardware fault, however, as I stated in all my emails, I have been unable to
    actually troubleshoot -in person- the machines. The technician that I was on
    the phone with described the symptoms, described that he had replaced the fan
    in the machine he had on hand, inspected the fan, and found it to be
    operating properly. The machine was still displaying the error and emitting
    the tone from the PC speaker after this, which led me to suspect something
    other than a hardware error. I had the technician read me the error which
    appeared on the screen word for word. I then went to the most obvious source
    I could think of: google. I typed in the phrase exactly as it appeared on the
    screen to the technician, and google returned 0 (zero) search results. If
    google doesn't have a single entry with a certain phrase, then that is
    suspicious. Even if it were a hardware error, someone, somewhere, would have
    had a fan die, and would have typed in the error to some list requesting
    information on it. Since it didn't exist in the Google database, and I was
    becoming suspicious, I posted a question to this list. This is a security
    basics mailing list, and as far as I can tell, it is meant to facilitate the
    asking of questions. I'm not anywhere near a security expert, and I'm
    apparently not of the calibre troubleshooter that you are, but I merely ask
    for a bit of leeway in this subject, as I was unable to ascertain the
    problem. If this is a hardware problem, then I am sorry to have wasted your
    bandwidth on this issue, but if it's not, even if it's not malicious code,
    and it is a bug of some kind, then it's at least a little bit interesting,
    imho.

    --Matt

    On Thursday 11 September 2003 05:29 pm, Occams Razor wrote:
    > There certainly is a remote possibility that these 3
    > machines have been infected by some mysterious virus
    > the purpose of which is to convince the user that
    > their fan is malfuctioning. It is much, much, much,
    > more likely that indeed something in the environment
    > is causing the fan to malfunction.
    >
    > If someone passes me in the hall and tells me that my
    > shoe is on fire, my first reaction would be to check
    > and see if my shoe is indeed on fire. I would not run
    > back to my cube and send a message all around the
    > world asking if anyone has heard of a social
    > engineering hack where the attacker tells the victim
    > their shoe is on fire BEFORE checking to see if my
    > shoe is on fire.
    >
    > Likewise, if my computer told me that, "cpu cooling
    > fan is malfunctioning," the very FIRST thing I would
    > do is check if indeed the cpu cooling fan is
    > malfunctioning.
    >
    > Has the skill set of the average "Assistant Network
    > Administrator" really degraded to the point that we
    > must accept as normal the posting to a worldwide
    > mailling list with tens of thousands of readers as the
    > FIRST troubleshooting step?
    >
    > Yours,
    > Occam
    > 

    -- 
-------------------
Matt Simmons
Assistant Network Administrator
304.580.8080x5007
Fibernet LLC
---------------------------------------------------------------------------
Captus Networks 
Are you prepared for the next Sobig & Blaster? 
 - Instantly Stop DoS/DDoS Attacks, Worms & Port Scans 
 - Precisely Define and Implement Network Security 
 - Automatically Control P2P, IM and Spam Traffic 
FIND OUT NOW -  FREE Vulnerability Assessment Toolkit 
http://www.captusnetworks.com/ads/42.htm
----------------------------------------------------------------------------
  • Next message: Wirefire Systems Administrator: "Re: Re(2): Possible new virus?"