Relay-Version: version B 2.10 5/3/83; site utzoo.UUCP
Path: utzoo!utgpu!water!watmath!clyde!rutgers!ll-xn!husc6!uwvax!dave@spool.wisc.edu
From: dave@spool.wisc.edu
Newsgroups: comp.misc
Subject: Re: Trojan Horse a Myth?
Message-ID: <4810@spool.wisc.edu>
Date: Sat, 5-Dec-87 17:00:09 EST
Article-I.D.: spool.4810
Posted: Sat Dec 5 17:00:09 1987
Date-Received: Thu, 10-Dec-87 03:43:56 EST
References: <459@gtx.com>
Sender: news@spool.wisc.edu
Reply-To: dave@spool.wisc.edu (Dave Cohrs)
Organization: U of Wisconsin CS Dept
Lines: 36

> Can anyone relate a
> first-hand account of damage done to his/her system by a malicious
> Trojan Horse?

Well, that depends on what you consider "damage". A trojan horse which
I dealt with many moons ago (not on a UNIX system) allowed the user,
eventually, to get a complete list of logins and plaintext passwords
for all logins on the system. Lesson: never keep plaintext passwords
on line, they *will* be found out. This intrusion was not discovered
for months.

Another user of that same system used a trojan horse to replace the
system message file (kinda equivalent to what perror() prints on a UNIX
system) with the source for a BASIC program. That was pretty
"interesting". The damage was temporary; when the machine rebooted, it
was all better.

More recently (only 3-4 years ago on a UNIX machine), some hackers
caught root with '.' in its path, and got root (I have to admit, I was
the root that got got) to run a bogus version of "write". Luckily, I
was almost as fast as they were, and closed the hole quickly, within
minutes (luckily also, they were too slow to do any serious damage in
that time). Lesson: *never* *ever* put '.' in root's path. I still get
into arguments about this.

Is that first-hand enough? In my experience, a Trojan Horse is the
simplest and most common form of system cracking. Anyone who thinks
otherwise is setting themselves up for a fall.

If I remember correctly, a year or two ago, Gould had a "break our
secure system" contest. Someone broke in using a Trojan Horse. I'm
sure someone at Gould can give details, if they want.

Dave Cohrs
+1 608 262-6617
UW-Madison Computer Sciences Department
dave@cs.wisc.edu
...!{harvard,ihnp4,rutgers,ucbvax}!uwvax!dave
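
The "never put '.' in root's path" lesson above, written as a check an administrator can run on a PATH value; this is an added example, not part of the original post. It goes slightly beyond the '.' case by also flagging empty entries (which POSIX treats as the current directory), other relative entries and world-writable directories; the name `audit_path` and its output format are assumptions.

```shell
#!/bin/sh
# Added example (not from the original post): audit a PATH string for
# entries that make the shell search the current directory or a directory
# that other users can write to. audit_path is a hypothetical name.

# audit_path PATHSTRING
# Prints one line per risky entry. Returns 0 if none were found, 1 otherwise.
audit_path() {
    ap_rest="$1:"      # trailing colon so a final empty entry is still seen
    ap_pos=0
    ap_found=0
    while [ -n "$ap_rest" ]; do
        ap_entry=${ap_rest%%:*}    # text before the first colon
        ap_rest=${ap_rest#*:}      # text after the first colon
        ap_pos=$((ap_pos + 1))
        case $ap_entry in
            "")
                # POSIX: a zero-length entry means the current directory.
                echo "$ap_pos: empty entry (current directory)"
                ap_found=1 ;;
            /*)
                # Absolute path: flag it if "other" has write permission.
                # -L follows symlinks such as /bin -> usr/bin.
                ap_mode=$(ls -ldL "$ap_entry" 2>/dev/null | cut -c9)
                if [ "$ap_mode" = "w" ]; then
                    echo "$ap_pos: world-writable directory $ap_entry"
                    ap_found=1
                fi ;;
            *)
                # '.', './bin', 'bin' and so on all resolve against the cwd.
                echo "$ap_pos: relative entry '$ap_entry'"
                ap_found=1 ;;
        esac
    done
    return "$ap_found"
}

# Constructed sample: the doubled colon and the trailing '.' are both flagged.
audit_path "/usr/local/bin:/usr/bin::/bin:." || true
```

Run it against root's real environment with `audit_path "$PATH"` from a root shell; a non-zero return status means at least one entry needs fixing.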