[comp.virus] New Trojan Horse ???

ccmlh@iceman.oz.au (Michael L Hope) (03/14/90)

Hi,

Recently I saw a rather disturbing article on what appeared to be a
destructive Macintosh trojan horse in Canada.  The article appeared in
the 19th February issue of the Australian magazine COMPUTING on page
eight.  The article refers to two programs 'Mosaic' and 'Fontfinder'
that were downloaded from a bulletin board in Canada and contained the
trojan horse. The trojan then destroyed the directories of all
unlocked hard and floppy disks that were available.  This included the
disk containing the trojan program.  The affected disks were then
named "Gotcha!".  In the article most of the data was apparently
recovered using a utility program, except for the filenames.  Does
anyone know more on this trojan?  Is it isolated to Canada?  Is this
the only destructive trojan/virus program attacking the Mac?

Michael Hope
James Cook University
{ccmlh@iceman.jcu.oz}

werner@cs.utexas.edu (Werner Uhrig) (03/16/90)

[Michael Hope <ccmlh@iceman.jcu.oz> asks about the recent trojans]

I spoke just tonight with one of the persons involved in catching and
reporting the trojans (there were 3 total reported so far, each
nastier than the previous) - and whereas you may be able to recover
some files with one or the other recovery program, you cannot count on
that in all cases.

No spreading of the trojans outside of the Canadian city has been
reported yet (other than to the anti-viral software developers group
of which I am a member) and all kinds of Canadian and US police are trying
to track down the perpetrators and a price has been put out on their
scalp(s) ...(yep, folks, you can have my oldest son - or $10)

I know only of one case where actual damage was done to a system (and
that was carelessness or even stupidity, actually, after having been
warned that the program was a trojan)

If anyone knows of other sightings or other damage, please let me know.

			---Werner

---------------------------> please send REPLIES to <------------------------
INTERNET:    		werner@cs.utexas.edu
	     or: werner@rascal.ics.utexas.edu     (Internet # 128.83.144.1)
UUCP:     ...<well-connected-site>!cs.utexas.edu!werner