Path: utzoo!utgpu!water!watmath!clyde!burl!codas!killer!jfh
From: jfh@killer.UUCP (The Beach Bum)
Newsgroups: comp.misc
Subject: Re: Trojan Horse a Myth?
Summary: Have a first hand account ...
Message-ID: <2393@killer.UUCP>
Date: 9 Dec 87 22:04:48 GMT
References: <459@gtx.com>
Organization: Big "D" Home for Wayward Hackers
Lines: 81

In article <459@gtx.com>, al@gtx.com (0732) writes:
> I just read a newspaper article by Clarence Peterson of the Chicago Tribune
> in which "Jan Harold Brunvard, University of Utah Professor of folklore
> and author of three books about urban legends" dismisses the "Trojan Horse"
> computer program as an "Urban Myth". He says "I think there probably have been
> some programs like that cooked up, but I can find no evidence that it's
> actually been done, and it isn't as though it couldn't be detected and
> destroyed."
>
>
> It seems to me that the Professor is being quite naive. We all know
> how easy it would be to create a Trojan Horse Program, and even, with a
> little more difficulty, make it infect the user's system in subtle
> ways. As for the question, "has anyone actually been hurt by one of
> these?", I only know third-hand accounts. Can anyone relate a
> first-hand account of damage done to his/her system by a malicious
> Trojan Horse?
>
> | Alan Filipski, GTX Corp, 2501 W. Dunlap, Phoenix, Arizona 85021, USA |

First to say, Trojan Horses are much easier under Unix than other
operating systems I have used, but this experience isn't from Unix,
it's a Vax/VMS story.

I was actually involved in this experience, although initially as a
victim, and later when I found out what was going on, I let my
sophomorish attitudes (I was a sophomore, what more can I say ;-) get
me in trouble.

I write this because Trojan Horses are _EASY_ to write, and even easier
to be fooled by. What I did was wrong. I am not advocating doing this
to your local computer system. Please don't, it can wreak havoc.

When The University of New Orleans bought its first Vax-11/780, a guy
from California was involved in the initial set-up. He had been a
system manager on a Vax someplace else and had learned how to abuse
VMS. At first he just had an account with operator privileges, and
later he wrote a little program to act like login and steal passwords.

(side note: The system had the Unix-like toolbox on it and this was
blamed for the original security breach. This toolkit wasn't the
problem, the guy that set up the system was. This is the true story,
whether Sal Tillis (hi Sal) wants to believe it or not. The other
things I did to their Vax are a whole different matter ;-) accept it
or not ...)

This guy wrote a little .COM file (that's .BAT to the DOS world) which
displayed a faked logout message when he logged out. Then started the
trojan horse part. It prompted for a login name with

	$ INQUIRE/NOPUNCTUATION 'Username: ' $username

to read in the victim's user name. This was followed by

	$ SET TERMINAL/NOECHO	(or something like that - it's been 6 or 7 years)
	$ INQUIRE/NOPUNCTUATION 'Password: ' $password

The results were written into a file of his. He repeated the username/
password commands 3 times to ensure the user typed the password
correctly. After each prompt the system gave a real looking error
message. When he was done, he set the baud rate on the terminal to
something other than what it should be and logged out.

This thing looked quite real. The only way to tell the difference was
to type a ^Z at it and look at the error message. It trapped ^C and ^Y
as it should, but ^Z was being handled by RMS, not the program, and RMS
didn't give the same message LOGINOUT (or whatever) gave. He got
several dozen users' account names and such and did cause some grief.

After my homework was ruined by his little ploy (like I said in the
beginning, I got bit) I got pissed off and managed to wreak a bit more
havoc before the System Manager (hi Sal) got disgusted with the lot of
us and pitched us from the machine.

As I said earlier, don't go screwing with people's computers. It isn't
fun getting canned from your University's system and trying to get a
degree at the same time. It can really screw up getting your first few
jobs also. And if you are a system manager, my best advice is pay
attention to the weird complaints you get about terminals and such
acting strange.

Anyone wanting more information can write me or if you can find Sal
Tillis hanging around the DECUS group, you can ask him. Professor
What's-His-Face should keep his mouth shut and stick to teaching basket
weaving for all the good he is doing.

- John.
-- 
John F. Haugh II                  SNAIL:  HECI Exploration Co. Inc.
UUCP: ...!ihnp4!killer!jfh                11910 Greenville Ave, Suite 600
      ...!ihnp4!killer!rpp386!jfh         Dallas, TX. 75243
"Don't Have an Oil Well?  Then Buy One!"  (214) 231-0993