dmimi@ecsvax.UUCP (01/29/86)
Dr. Dobbs Journal, Feb. 1986, has a list of 'Trojan Horse' programs. Those
listed and the comment about each follow:

1. DROGAN.COM. Formats your disk and leaves with a rude message. It is 7040
   bytes long.
2. DOSKNOWS.EXE. FAT killer misleadingly named the same as the harmless
   DOSKNOWS system-status utility. The real DOSKNOWS is 5376 bytes long.
3. EGABTR. Billed as "improve your EGA display," but when run it deletes
   everything in sight and prints a thumb-to-noser.
4. FILER.EXE. Labeled "Great new filing system," reportedly wiped out 20 meg
   hard disk.
5. SECRET.BAS. Formats disks.
6. STRIPES.EXE. Draws an American flag but copies the remote BBS configuration
   to another file (STRIPES.BQS) so the uploader can call back and download
   all the passwords. Clever!
7. VDIR.COM. This is the disk killer Jerry Pournelle wrote about in Byte.
tim@ism780c.UUCP (Tim Smith) (02/01/86)
>6. STRIPES.EXE. Draws an American flag but copies the remote BBS configuration
>   to another file (STRIPES.BQS) so the uploader can call back and download
>   all the passwords. Clever!

Why aren't the passwords encrypted?
-- 
Tim Smith
sdcrdcf!ism780c!tim || ima!ism780!tim || ihnp4!cithep!tim
ejb@think.ARPA (Erik Bailey) (02/02/86)
In article <404@ism780c.UUCP> tim@ism780c.UUCP (Tim Smith) writes:
>>6. STRIPES.EXE. Draws an American flag but copies the remote BBS configuration
>>   to another file (STRIPES.BQS) so the uploader can call back and download
>>   all the passwords. Clever!
>
>Why aren't the passwords encrypted?

The way RBBS-PC works is that it sets up a file (RBBS-PC.DEF) which contains
the various information the sysop used to configure his system (the name,
security levels for various functions, and conferences, etc.). One of the
things in here is the sysop's password for signing on remotely. Rather than
giving 'first name/last name', he gives 'password 1/password 2', and it
recognizes him as sysop. If someone downloads this file (RBBS-PC normally
protects the file RBBS-PC.DEF but if it is renamed or copied...) they get THAT
password, log on as sysop, look at the other passwords, and wreak havoc.

Why are they not encrypted? Trust, probably. Ask Tom Mack (author of
RBBS-PC)...

--Erik
-- 
Erik Bailey
_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-
Erik Bailey -- 7 Oak Knoll               (USENET courtesy of
ihnp4!godot!ejb Arlington, MA 02174       Thinking Machines Corp.
ejb@think.com.arpa (617) 643-0732         Cambridge, MA)

"I once met a subliminal advertising man, just for a second." --S. Wright
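Added example, not part of the original posts and not RBBS-PC code: the exchange above turns on a configuration file that holds the sysop's 'password 1/password 2' pair in readable form, so this sketch contrasts that with a file that stores only a salted PBKDF2 hash of the pair. The field names, sample passwords and iteration count are constructed assumptions; the real RBBS-PC.DEF layout is not shown in the thread.

```python
import hashlib
import hmac
import os

ITERATIONS = 200_000  # PBKDF2 work factor; an assumed value for this example


def _secret(pw1, pw2):
    # Length prefix keeps ("ab", "c") distinct from ("a", "bc").
    return f"{len(pw1)}:{pw1}{pw2}".encode()


def make_record(pw1, pw2, salt=None):
    """Return what would be written to the config file: salt and hash only."""
    salt = os.urandom(16) if salt is None else salt
    digest = hashlib.pbkdf2_hmac("sha256", _secret(pw1, pw2), salt, ITERATIONS)
    return {"salt": salt.hex(), "iterations": ITERATIONS, "hash": digest.hex()}


def verify(record, pw1, pw2):
    """Check a login attempt against the stored record in constant time."""
    digest = hashlib.pbkdf2_hmac("sha256", _secret(pw1, pw2),
                                 bytes.fromhex(record["salt"]), record["iterations"])
    return hmac.compare_digest(digest.hex(), record["hash"])


def readable_credentials(config):
    """What someone holding a copy of the file can read straight out of it."""
    if "sysop_pw1" in config and "sysop_pw2" in config:
        return (config["sysop_pw1"], config["sysop_pw2"])
    return None


# Constructed sample data: hypothetical field names and passwords.
PLAINTEXT_DEF = {"bbs_name": "EXAMPLE BBS",
                 "sysop_pw1": "CONSTRUCTED1", "sysop_pw2": "CONSTRUCTED2"}
HASHED_DEF = {"bbs_name": "EXAMPLE BBS",
              "sysop": make_record("CONSTRUCTED1", "CONSTRUCTED2")}

if __name__ == "__main__":
    print("copied plaintext file yields:", readable_credentials(PLAINTEXT_DEF))
    print("copied hashed file yields:   ", readable_credentials(HASHED_DEF))
    print("legitimate login still works:",
          verify(HASHED_DEF["sysop"], "CONSTRUCTED1", "CONSTRUCTED2"))
```

A copied hashed file can still be attacked by guessing passwords offline, so the work factor and the strength of the two passwords still matter.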
USER=6C0K%UBC.MAILNET@MIT-MULTICS.arpa (09/24/86)
After reading the article "A Story of a Trojan Horse, With Some Suggestions
for Dismounting Gracefully", by James H. Coombs <JAZBO@BROWNVM.BITNET>, in
Volume 5 Issue 86 of the Info-IBMPC Digest, I must say that it provided a very
valuable lesson for those of us who are lucky enough to have never seen a
trojan horse in action (yet). I think I can now understand the Info-IBMPC
archive's source-code-only policy.

However, I disagree with the article's suggestion that the person listed in
the documentation of the program as the "author" is actually the perpetrator
of the crime. It strikes me that someone clever enough to come up with such a
trojan horse would be so stupid as to put their own name and phone number into
a document which the intended victim is to receive. On the other hand, I think
it is very conceivable that such a person would use somebody else's name in an
attempt to cause the named party some trouble along the way, for reasons which
should be obvious.

In conclusion, I think that it should be the true criminal that we scream at,
not just anyone whose name happens to get put onto the documentation of a
trojan horse program. After all, anyone could write anyone else's name into
such a program.

...Sam