SANS ISC: Unexpected mass reboots are worth investigating - SANS Internet Storm Center SANS ISC InfoSec Forums


Unexpected mass reboots are worth investigating

An ISC reader told us that his company observed a large number of their PCs unexpectedly reboot at around 18:00 Central Time yesterday, with nothing in the event logs to show a shutdown sequence.

Is this organization dealing with a large-scale malware infection? Possibly. A malicious program could be rebooting the systems to embed itself deep in the OS, or to disable an anti-virus tool. Of course, the reboots could also be the result of a less malevolent incident, such as a bug in a benign program.

Regardless, unexpected mass reboots are certainly worth investigating. Anyone else encountering them lately?

-- Lenny

Lenny Zeltser - Security Consulting
Lenny teaches a SANS course on analyzing malware.

Lenny

216 Posts
ISC Handler
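
One way to triage the situation the diary describes, as an added example that is not part of the original post: find boots that have no clean-shutdown record before them and check whether they cluster in time across hosts. It assumes the System logs were exported to a hypothetical CSV layout (`host,time,event_id`); the Windows event IDs used are not named in the diary, and the sample rows are constructed.

```python
import csv
import io
from collections import defaultdict
from datetime import datetime, timedelta

# System log IDs: 1074 restart requested, 6006 log service stopped, 6005 boot.
CLEAN, BOOT = {1074, 6006}, 6005

# Constructed sample export (not data from the diary); PC-004 restarts cleanly.
SAMPLE = """host,time,event_id
PC-001,2024-01-08T08:01:00,6005
PC-002,2024-01-08T08:03:00,6005
PC-003,2024-01-08T08:02:00,6005
PC-004,2024-01-08T08:05:00,6005
PC-001,2024-01-09T18:01:10,6005
PC-002,2024-01-09T18:01:45,6005
PC-003,2024-01-09T18:02:05,6005
PC-004,2024-01-09T18:00:00,1074
PC-004,2024-01-09T18:00:30,6006
PC-004,2024-01-09T18:02:00,6005
"""

def unexpected_boots(csv_text):
    """Return sorted (time, host) for boots with no clean-shutdown record before them."""
    per_host = defaultdict(list)
    for row in csv.DictReader(io.StringIO(csv_text)):
        when = datetime.fromisoformat(row["time"])
        per_host[row["host"]].append((when, int(row["event_id"])))
    found = []
    for host, events in per_host.items():
        seen_boot = clean = False
        for when, event_id in sorted(events):
            if event_id in CLEAN:
                clean = True
            elif event_id == BOOT:
                if seen_boot and not clean:  # first boot in the export has no history
                    found.append((when, host))
                seen_boot, clean = True, False
    return sorted(found)

def mass_reboots(boots, window=timedelta(minutes=10), min_hosts=3):
    """Group time-sorted unexpected boots; keep groups spanning >= min_hosts hosts."""
    clusters, i = [], 0
    while i < len(boots):
        group = [b for b in boots[i:] if b[0] - boots[i][0] <= window]
        hosts = sorted({host for _, host in group})
        if len(hosts) >= min_hosts:
            clusters.append((boots[i][0], hosts))
        i += len(group) if len(hosts) >= min_hosts else 1
    return clusters
```

A cluster only says the reboots were simultaneous and unlogged; it does not by itself distinguish malware from a faulty update or a power event.
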
Could this be related to patch updates or antivirus program updates?
Keith

7 Posts
Power glitch? And what malware protection does the company use?
Anonymous
This could also be caused by WSUS releasing a patch with a deadline set. But then again he says the logs show nothing.
Michael

32 Posts