Path: utzoo!yetti!spectrix!clewis
From: clewis@spectrix.UUCP (Chris Lewis)
Newsgroups: comp.misc
Subject: Re: Trojan Horse a Myth?
Message-ID: <337@spectrix.UUCP>
Date: 11 Dec 87 19:08:37 GMT
Article-I.D.: spectrix.337
Posted: Fri Dec 11 14:08:37 1987
References: <459@gtx.com> <2393@killer.UUCP>
Reply-To: clewis@spectrix.UUCP (Chris Lewis)
Organization: Spectrix Microsystems Inc., Toronto, Ontario, Canada
Lines: 64

In article <2393@killer.UUCP> jfh@killer.UUCP (The Beach Bum) writes:
>In article <459@gtx.com>, al@gtx.com (0732) writes:
>> I just read a newspaper article ...
>> in which "Jan Harold Brunvard, University of Utah Professor of folklore
>> and author of three books about urban legends" dismisses the "Trojan Horse"
>> computer program as an "Urban Myth". He says "I think there probably have been
>> some programs like that cooked up, but I can find no evidence that it's
>> actually been done, and it isn't as though it couldn't be detected and
>> destroyed."
>> It seems to me that the Professor is being quite naive. We all know

You're not kidding.

>First to say, Trojan Horses are much easier under Unix than other operating
>systems I have used, but this experience isn't from Unix, it's a Vax/VMS
>story....

A minor quibble - have you ever used PC/MSDOS? It's very simple to break
security on these machines because there ain't none. Many BBS's catering
to this market have accidentally acquired Trojans and redistributed them
to unsuspecting users. The problem has become so severe that the BBS
sysops have to examine as much of the stuff as they can. There are
programs written which will attempt to determine whether a program is a
Trojan (by tracing system calls etc.) but they aren't fool-proof. I've
seen many messages on PC BBS's saying "WARNING: if you've downloaded
"X", purge it FAST!".

At least in this world the person who gets stung *usually* explicitly
knows he's importing code into his machine, and can usually point
fingers in the right way after getting blown. MSDOS is particularly
susceptible to Trojans because: there's no security, most programs that
are traded are binaries rather than sources, and it's real easy to
diddle hardware directly. Fortunately fewer people are affected. At
least in UNIX the person triggering the Trojan (root) is likely to be
able to know enough to recover.

Another minor quibble: according to the definition of "Trojan horse" (a
program "trusted" by a user which does something additional), I wouldn't
call "password snatching" or hoping that root has "." in his path a
"Trojan". They're "traps". In the MSDOS world, Trojans quite frequently
take the form of a new program the user acquires from somewhere that
purports to do something he wants. Then he finds that not only does it
do that, but it does other things (eg: reformat hard disk).

A couple of issues back in comp.risks (oops, we expire it faster'n I
thought!) there is a personal account of a particularly hideous MSDOS
trojan. Appears that somehow somebody munged a copy of DOS to: copy the
modifications without the user knowing it to every DOS bootable floppy
that the DOS comes in contact with, and after the fourth generation (not
quite sure the precise semantics here), zap the hard disk so badly that
no utility can recover. Started out as a Trojan and turned into a
virus. And, it's apparently spreading... Could some UNIX fanatic be
trying to kill off all MSDOS machines? (It's about time! ;-). Don't
quote me on this, quote the article directly if you can find it.

BTW: I've noticed a lot of comments from people encountering/making
password snatchers making me think that it's a lot more prevalent than I
thought. Then again, it's almost impossible for ANY interactive computer
system that uses traditional "userid" and "password" protection to
prevent.
Trivial on almost any OS I've ever used (MVS/TSO, VM/CMS, VMS, UNIX,
etc.)
-- 
Chris Lewis, Spectrix Microsystems Inc,
UUCP: {uunet!mnetor, utcsri!utzoo, lsuc}!spectrix!clewis
[Also: lsuc!clewis in a pinch]
Phone: (416)-474-1955