Relay-Version: version B 2.10 5/3/83; site utzoo.UUCP Path: utzoo!mnetor!uunet!husc6!cmcl2!brl-adm!umd5!mimsy!oddjob!gargoyle!ihnp4!homxb!whuts!mtune!icus!mozart!rosalia From: rosalia@mozart.UUCP (Mark Galassi) Newsgroups: comp.misc Subject: Re: Trojan Horse a Myth? Message-ID: <138@mozart.UUCP> Date: Mon, 7-Dec-87 07:42:27 EST Article-I.D.: mozart.138 Posted: Mon Dec 7 07:42:27 1987 Date-Received: Sun, 13-Dec-87 15:47:03 EST References: <459@gtx.com> Reply-To: rosalia@mozart.UUCP (Mark Galassi) Organization: Mark Galassi Research, Stony Brook, New York Lines: 18 In article <459@gtx.com> al@gtx.UUCP (Al Filipski) writes: > ... Can anyone relate a >first-hand account of damage done to his/her system by a malicious >Trojan Horse? On April 1st about 1 and 1/2 years ago, someone posted a "program" to net.sources in shar format. I think it was supposed to do something like "relink files" (absurd!). Once you unshared (or ran make, I don't remember), it would replace your .login with another one which said somehting funny, and save your old .login on a side. (.profile for non-csh). This person was harmless, but many people fell for it. Imagine if s/he had made it do rm -rf / &, or something weird as root. I'm sure that there are many fools that unshar things when logged in as root. -- Mark Galassi ...!mozart!rosalia { These opinions are mine and should be everybody else's :-) }