Relay-Version: version B 2.10 5/3/83; site utzoo.UUCP
Path: utzoo!utgpu!water!watmath!clyde!rutgers!ll-xn!husc6!uwvax!dave@spool.wisc.edu
From: dave@spool.wisc.edu
Newsgroups: comp.misc
Subject: Re: Trojan Horse a Myth?
Message-ID: <4810@spool.wisc.edu>
Date: Sat, 5-Dec-87 17:00:09 EST
Article-I.D.: spool.4810
Posted: Sat Dec  5 17:00:09 1987
Date-Received: Thu, 10-Dec-87 03:43:56 EST
References: <459@gtx.com>
Sender: news@spool.wisc.edu
Reply-To: dave@spool.wisc.edu (Dave Cohrs)
Organization: U of Wisconsin CS Dept
Lines: 36

> Can anyone relate a
> first-hand account of damage done to his/her system by a malicious
> Trojan Horse?

Well, that depends on what you consider "damage".  A trojan horse which
I dealt with many moons ago (not on a UNIX system) allowed the user,
eventually, to get a complete list of logins and plaintext passwords
for all logins on the system.  Lesson: never keep plaintext passwords
on line, they *will* be found out.  This intrusion was not discovered
for months.

Another user of that same system used a trojan horse to replace the
system message file (kinda equivalent to what perror() prints on
a UNIX system) with the source for a BASIC program.  That was pretty
"interesting".  The damage was temporary; when the machine rebooted,
it was all better.

More recently (only 3-4 years ago on a UNIX machine), some hackers
caught root with '.' in its path, and got root (I have to admit, I was
the root that got got) to run a bogus version of "write".  Luckily, I
was almost as fast as they were, and closed the hole quickly, within
minutes (luckily also, they were too slow to do any serious damage in
that time).  Lesson: *never* *ever* put '.' in root's path.  I still
get into arguments about this.

Is that first-hand enough?  In my experience, a Trojan Horse is the
simplest and most common form of system cracking.  Anyone who thinks
otherwise is setting themselves up for a fall.

If I remember correctly, a year or two ago, Gould had a "break our
secure system" contest.  Someone broke in using a Trojan Horse.  I'm
sure someone at Gould can give details, if they want.

Dave Cohrs
+1 608 262-6617                        UW-Madison Computer Sciences Department
dave@cs.wisc.edu                 ...!{harvard,ihnp4,rutgers,ucbvax}!uwvax!dave
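The '.'-in-root's-PATH hole above is easy to check for mechanically. The following is an added example, not code from the original post: a POSIX sh audit of a PATH string that flags every entry the shell would resolve from the current directory (an explicit '.', an empty entry such as "::" or a leading or trailing ':', or any other relative name), which is exactly what lets a planted "write" run in place of the real one.

```shell
#!/bin/sh
# Added example (not from the original post): audit a PATH string for entries
# that are looked up relative to the current directory. An empty entry ("::",
# a leading or trailing ':') means the current directory just as '.' does,
# and any other relative entry (e.g. "bin") is resolved from there as well.

# relative_path_entries PATHSTRING
# Prints each offending entry on its own line ("(empty)" for an empty entry).
relative_path_entries() {
    _rest="$1:"                  # trailing sentinel so the last entry is handled like the rest
    while [ -n "$_rest" ]; do
        _entry="${_rest%%:*}"    # text before the first ':'
        _rest="${_rest#*:}"      # drop that text and the ':'
        case "$_entry" in
            /*) ;;               # absolute directory: fine
            *)  printf '%s\n' "${_entry:-(empty)}" ;;
        esac
    done
}

# path_is_safe PATHSTRING
# Exit status 0 if every entry is absolute, 1 if any entry is relative.
path_is_safe() {
    [ -z "$(relative_path_entries "$1")" ]
}

# Usage (run from the root account's own shell, so "$PATH" is root's PATH):
#   path_is_safe "$PATH" || relative_path_entries "$PATH"
```

The same check belongs in root's shell startup files and in any cron or init script that sets its own PATH, since those are the places a relative entry quietly creeps back in.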