Relay-Version: version B 2.10 5/3/83; site utzoo.UUCP
Path: utzoo!utgpu!water!watmath!clyde!rcj
From: rcj@clyde.UUCP
Newsgroups: comp.misc
Subject: Re: Trojan Horse a Myth?
Message-ID: <18010@clyde.ATT.COM>
Date: Sun, 6-Dec-87 14:27:53 EST
Article-I.D.: clyde.18010
Posted: Sun Dec 6 14:27:53 1987
Date-Received: Sat, 12-Dec-87 03:40:38 EST
References: <459@gtx.com> <4810@spool.wisc.edu>
Sender: nuucp@clyde.ATT.COM
Reply-To: rcj@moss.UUCP (Curtis Jackson)
Organization: AT&T Bell Laboratories, Whippany NJ
Lines: 23

In article <4810@spool.wisc.edu> dave@spool.wisc.edu (Dave Cohrs) writes:
}> Can anyone relate a
}> first-hand account of damage done to his/her system by a malicious
}> Trojan Horse?

Sure.  If I wanted to get into someone's files to pull a prank, I would
write a program to give me a shell, put it in an unprotected directory,
and change ownership to the person whose files I wanted to get into.
Then I would send them mail that had embedded in it commands to enter
the necessary command to make my program setuid into the memory of
their HP terminal and then send the entered sequence to Unix.  Most
of the time it wasn't even noticed if it was buried properly.  Now
all I had to do was run the setuid program and I was them.

I was never malicious, but it was fun to do things like cpio all a
person's files to a safe place and then put a clear screen command
followed by an "rm -rf *" in their .profile and watch the fireworks...

The MAD Programmer -- 201-386-6409 (Cornet 232)
                              ^^^^ new extension
alias: Curtis Jackson   ...![ ihnp4 ulysses cbosgd allegra ]!moss!rcj
                        ...![ ihnp4 cbosgd akgua watmath ]!clyde!rcj
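
An added example, not part of the original post: the account above depends on the terminal acting on control sequences embedded in mail text, so a mail reader or pager can display untrusted text with those characters made visible instead of passing them through. The function names and the sample message are constructed for illustration.

```python
import re

# C0 controls except tab and newline, DEL, and C1 controls (0x80-0x9f).
# ESC (0x1b) falls in the C0 range and introduces terminal command sequences;
# carriage return is included because it can overwrite text already shown.
_CONTROL = re.compile(r"[\x00-\x08\x0b-\x1f\x7f\x80-\x9f]")


def _visible(ch):
    """Render one control character in a form the terminal will not act on."""
    code = ord(ch)
    if code < 0x20:
        return "^" + chr(code + 0x40)      # caret notation, ESC becomes ^[
    if code == 0x7F:
        return "^?"
    return "<%02X>" % code                 # C1 controls shown as hex


def find_controls(text):
    """Return (line_number, column, code) for every control character."""
    hits = []
    for lineno, line in enumerate(text.split("\n"), start=1):
        for m in _CONTROL.finditer(line):
            hits.append((lineno, m.start() + 1, ord(m.group())))
    return hits


def neutralize(text):
    """Return a copy of text that is safe to write to a terminal."""
    return _CONTROL.sub(lambda m: _visible(m.group()), text)


# Constructed sample message: a harmless ANSI clear-screen sequence stands in
# for whatever terminal commands a hostile message might carry.
SAMPLE = "Subject: lunch?\n\nSee you at noon.\x1b[2J\nBring the report.\r\n"

if __name__ == "__main__":
    for lineno, col, code in find_controls(SAMPLE):
        print("line %d col %d: control 0x%02x" % (lineno, col, code))
    print(neutralize(SAMPLE), end="")
```

A non-empty result from find_controls on incoming mail is also worth logging, since ordinary text messages have no reason to carry escape characters.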