
                 RUMORS OF WORMS AND TROJAN HORSES
                 Danger Lurking in the Public Domain
                 introduced and edited by Mike Guffey

-INTRODUCTION

There are literally thousands of free (or nearly free) programs available
in computerdom's Public Domain. Those who use them save hundreds of dollars
and thousands of hours. But many sneer at the idea of anything worthwhile
being "free". Thus personal computing becomes divided into two camps: those
who believe there are two camps, and the rest, who use Public Domain
software (but sport no sense of moral superiority).

For several years now rumors have circulated about dangerous programs
which, when run, infest the innards of personal computers like parasites.
And unlike most software, these insidious programs don't go away when the
power is shut off. The story is that they invade ROMs and "eat" memory away
each time the hardware is powered up.

The legends have a basis in fact, for such horrors =do= exist in the world
of mainframes. Probably first created by a bored or disgruntled programmer,
such programs have been unleashed inside some of this country's largest
computers. Generally they are not outwardly visible, but begin the attack
like a low grade fever. These horrible little strings of code do damage a
little at a time, slowly building in intensity. At first, things start
going slightly awry. Ultimately, the system crashes or must be shut down.
One recent magazine article called these creations "computer viruses".
Just =how= damaging such programs can be (or have been) has not been fully
publicized. But the facts lie on a razor's edge between science fiction
and tomorrow's headlines. They are believed to pose a serious potential
threat to national security.

Some say the first of such monsters appeared on computer bulletin boards
(BBS's) named "WORM.COM". [Remember that it is only recently that any
online descriptions began to be posted next to program names. Some BBS's,
notably CP/M based systems, still do not offer any explanation beyond the
program name or notes in the associated message base part of the system.]
And almost every computer user group has at least one experienced member
who can tell the horrible tales of what these programs do. Actual witnesses
to the destruction, or victims of the atrocities, seem to be =very= rare.

Related to the twisted thinking behind such criminal mischief is the
so-called "TWIT" phenomenon. Twits are computer vandals who glory in
breaking into and "crashing" or seriously damaging remote computer systems.
The targets range from neighborhood BBS's to any large computers which can
be accessed via phone lines. And while such mental midgets have been
glorified in the media and mislabeled as "hackers", their very existence
causes hysteria in and amongst the non-computing public at large. Computer
security for large and small remote computer systems is getting better at
screening out or scaring off "twits". But they still exist. There are
indications that some have graduated from incessant attempts to break into
BBS's. Instead they bring forth Trojan horses: damaging programs disguised
as utilities and mislabeled or misdocumented as new treasures of the Public
Domain.
                 ==]#[===

The following data was recently retrieved from a California BBS:

WARNING! DANGEROUS PROGRAMS

1) Warning: Someone is [or may be] trying to destroy your data. Beware of a
SUDDEN upsurge of [spurious] programs on Bulletin Boards and in the Public
Domain. These programs purport to be useful utilities, but, in reality, are
designed to sack your system. One has shown up as EGABTR, a program that
claims to show you how to maximize the features of IBM's Enhanced Graphics
Adapter. It has also been spotted renamed as a new super-directory program.
It actually erases the (F)ile (A)llocation (T)ables on your hard disk,
[thereby rendering all data useless and inaccessible]. For good measure, it
asks you to put a disk in Drive A:, then another in Drive B:. After it has
erased those FATs too, it displays,

     "  Got You! Arf! Arf!  "

Don't [casually] run any public-domain program that is not a known
quantity. Have someone you know and trust vouch for it. ALWAYS examine it
FIRST with DEBUG [or DDT or a similar utility]. Look at all the ASCII
strings and data. If there is anything even slightly suspicious about it,
[either] do a cursory disassembly [or discard it]. [For MSDOS programs] be
wary of disk calls (INTERRUPT 13H), especially if the program has no
business writing to the disk. Run your system in Floppy only mode with
write protect tabs on the disk or junk disks in the drives. Speaking of
Greeks bearing gifts, Aristotle said that the unexamined life is not worth
living. The unexamined program [may not be] worth running.

   - from The Editors of PC, July 23, 1985, Volume 4, Number 15

2) Making the rounds of the REMOTE BULLETIN BOARDS [is] a program called
VDIR.COM. It is a little hard to tell what the program is supposed to do.
What it actually does is TRASH your system. It writes garbage onto ANY disk
it can find, including hard disks, and flashes up various messages telling
you what it is doing. It's a TIME BOMB: once run, you can't be sure what
will happen next because it doesn't always do anything immediately. At a
later time, though, it can CRASH your system. Anyway, you'd do well to
avoid VDIR.COM. I expect there are a couple of harmless, perhaps even
useful, Public Domain programs floating about with the name VDIR; and, of
course, anyone warped enough to launch this kind of trap once can do it
again. Be careful about untested "free" software.

   [paraphrased from Computing at Chaos Manor: From the Living Room, by
   Jerry Pournelle, BYTE Magazine, The Small Systems Journal]

Two other examples of this type of program:

1. STAR.EXE presents a screen of stars, then copies RBBS-PC.DEF and renames
it. The caller then calls back later and d/l's the innocently named file,
and he then has the SYSOP's and all the users' passwords.

2. SECRET.BAS was left on an RBBS with a message saying that the caller got
the file from a mainframe, could not get the file to run on his PC, and
asked someone to try it out. When it was executed, it formatted all disks
on the system.

We must remember that there are a few idiots out there who get great
pleasure from destroying other people's equipment. Perverted, I know, but
we, the serious computer users, must take an active part in fighting
against this type of stuff, to protect what we have. Be sure to spread this
[message] to other BBS's across the country so that as many people as
possible will be aware of what is going on.

   [from The Flint Board, Flint, Mich (313) 736-8031]
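The examination described above (dump the ASCII strings, then look for INT 13H disk calls in a program that has no business writing to disk) can be done with a few lines of Python. This is an added example, not part of the original textfile; SAMPLE_COM is a constructed byte string standing in for a downloaded .COM file, not a real program.

```python
import re

# x86 encoding of "INT 13h", the BIOS disk-service call the text warns about.
INT13 = b"\xcd\x13"

# Constructed sample image (NOT a real program): a few bytes of code, then the
# kind of prompt strings the text describes, then a stray CD 13 inside data.
# '$' is the DOS print-string terminator, so it shows up at the end of prompts.
SAMPLE_COM = (
    b"\xb4\x03"                              # mov ah,03h  (BIOS write sectors)
    b"\xcd\x13"                              # int 13h     (BIOS disk service)
    b"\xc3"                                  # ret
    b"Insert a disk in Drive A:$\x00"
    b"Got You! Arf! Arf!$\x00"
    b"(c) 1985 Directory Utility v1.0\x00"
    b"\x01\xcd\x13\x02"                      # CD 13 inside data: a false positive
)

def extract_strings(data, min_len=6):
    """Return (offset, text) for each run of >= min_len printable ASCII bytes,
    i.e. what a HEX/ASCII dump utility would reveal about prompts and messages."""
    pattern = rb"[\x20-\x7e]{%d,}" % min_len
    return [(m.start(), m.group().decode("ascii")) for m in re.finditer(pattern, data)]

def find_int13(data):
    """Return offsets of every CD 13 byte pair.

    Caveat: the same two bytes can also occur inside data or straddle an
    instruction boundary, so each hit is a lead for a cursory disassembly
    at that offset, not proof that the program calls BIOS disk services."""
    return [m.start() for m in re.finditer(re.escape(INT13), data)]

# Prompt fragments that deserve a second look in a program that should only read.
PROMPT_HINTS = ("DRIVE A:", "DRIVE B:", "FORMAT", "GOT YOU")

def triage(data, should_touch_disk=False):
    """Summarise the examination and decide whether the program needs review
    before it is ever run anywhere but a write-protected floppy."""
    strings = extract_strings(data)
    int13 = find_int13(data)
    hints = [s for _, s in strings if any(h in s.upper() for h in PROMPT_HINTS)]
    needs_review = bool(hints) or (bool(int13) and not should_touch_disk)
    return {"strings": strings, "int13_offsets": int13,
            "prompt_hints": hints, "needs_review": needs_review}

if __name__ == "__main__":
    for key, value in triage(SAMPLE_COM).items():
        print(key, value)
```

Against a real download, read the file with `open(path, "rb").read()` and pass it to `triage`; a "directory utility" whose strings mention Drive A: and whose code carries INT 13H is exactly the case the warning describes.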
                 ===]#[===

-EPILOGUE

Got your attention? There is no need to hatchet your modem and erase your
communications software. While such programs can do tremendous damage,
they are, fortunately, very rare. The following is an expansion of the
countermeasures suggested above.

A) Never, NEVER, N>E>V>E>R>! download and run Public Domain software (the
first time) on a hard disk. While many programs are well known, it is a
logical presumption that Trojan horse-type programs may have been uploaded
with the name of a well-known utility, or as a new version of one of your
old favorites. Download them to a blank floppy or to a disk you have a
current backup copy of.

B) Get in the habit of examining unknown software with HEX/ASCII utilities
that will reveal copyright data, documentation, program error and prompt
messages. A good choice in MSDOS is called PATCH.COM, and in CP/M there is
DUMPX.COM. Even if a program is written in protected BASIC, you may still
be able to find some useful data this way. [This is also a way to find
documentation for good programs without .DOC files or descriptions.]

C) Be wary of text files suggesting patches with DEBUG or DDT that you do
not understand. ALWAYS make such modifications to a backup copy of your
.COM, .EXE, .OVR files. There are no known examples of Trojan horses
appearing this way, but...

D) Make those BBS's which screen programs before making them available
your first (but not your only) choice for acquiring new PD software. If
you cannot figure out what a program does, =don't= upload it to some other
BBS.

E) Be wary but not paranoid. Be careful but not overcautious. Do not fan
the fires of hysteria by passing along rumors of worms and Trojan horses.
Speak of what you =know=. There are a lot of good programs out there in the