Re(2): Possible new virus?

[Occams Razor <occamsraser () yahoo com>]

There certainly is a remote possibility that these 3
machines have been infected by some mysterious virus
the purpose of which is to convince the user that
their fan is malfuctioning.  It is much, much, much,
more likely that indeed something in the environment
is causing the fan to malfunction.

If someone passes me in the hall and tells me that my
shoe is on fire, my first reaction would be to check
and see if my shoe is indeed on fire.  I would not run
back to my cube and send a message all around the
world asking if anyone has heard of a social
engineering hack where the attacker tells the victim
their shoe is on fire BEFORE checking to see if my
shoe is on fire.

Likewise, if my computer told me that, "cpu cooling
fan is malfunctioning," the very FIRST thing I would
do is check if indeed the cpu cooling fan is
malfunctioning.  

Has the skill set of the average "Assistant Network
Administrator" really degraded to the point that we
must accept as normal the posting to a worldwide
mailling list with tens of thousands of readers as the
FIRST troubleshooting step?

Yours,
Occam

-----Original Message-----

From: Lee Rich [mailto:lee.rich () wlga gov uk] 
Sent: Thursday, September 11, 2003 4:08 AM
To: security-basics () securityfocus com
Subject: Re(2): Possible new virus?
Importance: Low

 

Chris, in a later posting, Matt has stated that
'another' machine has been reported to have the same
symptoms; these machines may be just a small handful
of machines who have the same problem but have not
been reported yet due to the area covered by
'Internet' Technical support.

Also, the idea that the message and beeping may be a
red herring should not be cast aside. For all these
systems to suffer the same fault dispite manufacurer
or warranty state. Seems a little iffy to me andI
wouldn't be surprised if there is actually nothing
wrong with the cooling system. Saying it's a hardware
problem would assume that each firmware reports an
identical message for the problem. Not to mention that
some firmware may not even be able to report such an
issue.

-Lee Rich

security () wlga gov uk



__________________________________
Do you Yahoo!?
Yahoo! SiteBuilder - Free, easy-to-use web site design software
http://sitebuilder.yahoo.com

---------------------------------------------------------------------------
Captus Networks 
Are you prepared for the next Sobig & Blaster? 
 - Instantly Stop DoS/DDoS Attacks, Worms & Port Scans 
 - Precisely Define and Implement Network Security 
 - Automatically Control P2P, IM and Spam Traffic 
FIND OUT NOW -  FREE Vulnerability Assessment Toolkit 
http://www.captusnetworks.com/ads/42.htm
----------------------------------------------------------------------------