Relay-Version: version B 2.10 5/3/83; site utzoo.UUCP
Path: utzoo!mnetor!uunet!husc6!cmcl2!brl-adm!umd5!mimsy!oddjob!gargoyle!ihnp4!homxb!whuts!mtune!icus!mozart!rosalia
From: rosalia@mozart.UUCP (Mark Galassi)
Newsgroups: comp.misc
Subject: Re: Trojan Horse a Myth?
Message-ID: <138@mozart.UUCP>
Date: Mon, 7-Dec-87 07:42:27 EST
Article-I.D.: mozart.138
Posted: Mon Dec  7 07:42:27 1987
Date-Received: Sun, 13-Dec-87 15:47:03 EST
References: <459@gtx.com>
Reply-To: rosalia@mozart.UUCP (Mark Galassi)
Organization: Mark Galassi Research, Stony Brook, New York
Lines: 18

In article <459@gtx.com> al@gtx.UUCP (Al Filipski) writes:
>		...				Can anyone relate a
>first-hand account of damage done to his/her system by a malicious
>Trojan Horse?
    On April 1st about 1 and 1/2 years ago, someone posted a "program"
to net.sources in shar format.  I think it was supposed to do something
like "relink files" (absurd!).  Once you unshared (or ran make, I don't
remember), it would replace your .login with another one which said
somehting funny, and save your old .login on a side.  (.profile
for non-csh).
    This person was harmless, but many people fell for it.  Imagine
if s/he had made it do rm -rf / &, or something weird as root.  I'm
sure that there are many fools that unshar things when logged in as
root.
-- 
						Mark Galassi
					    ...!mozart!rosalia
{ These opinions are mine and should be everybody else's :-) }