💾 Archived View for spam.works › mirrors › textfiles › hacking › trojan captured on 2023-11-14 at 09:59:34.

View Raw

More Information

⬅️ Previous capture (2023-06-14)

-=-=-=-=-=-=-

                 RUMORS OF WORMS AND TROJAN HORSES               
		 Danger Lurking in the Public Domain
                 introduced and edited by Mike Guffey

-INTRODUCTION
There are literally thousands of free (or nearly  free) programs
available in computerdom's Public Domain. Those who use them save
hundreds of dollars and thousands of hours.  But many sneer at the
idea of anything worthwhile being "free".  Thus personal computing
becomes divided into two camps: those who believe there are two
camps and the rest who use  Public  Domain  software (but sport
no sense of moral superiority).   For several years now  rumors 
have  circulated  about  dangerous programs  which,  when  run,  
infest  the  innards  of  personal computers  like  parasites.  
And  unlike  most  software,  these insideous programs don't go
away when the power is shut off.  The story  is  they  invade 
ROMs  and "eat" memory  away  each  time hardware is powered up. 
 The legends have a basis in fact.  For such horrors =do= exist
in the world of mainframes.  Probably first  created  by  a bored
or disgruntled programmer, such programs  have been unleashed
inside some  of  this country's largest computers.  Generally,
they  are not outwardly visible, but begin the  attack  like  a 
low  grade fever.   And these horrible little strings of code  do 
damage  a little at a time, slowly building in intensity.  At
first, things start going slightly awry.   Ultimately,  the 
system  crashes or must  be  shut  down.  One recent magazine
article  called  these creations "computer viruses".  Just =how= 
damaging such programs can be (or have  been)  has  not  been
fully publicized.  But the facts  lie   on  a  razor's  edge 
between  science  fiction  and tomorrow's  headlines.   They are 
believed  to  pose  a  serious potential threat to national
security.   Some say the first of such monsters appeared on
computer bulletin boards  (BBS's)  named  "WORM.COM".  [Remember 
that  it is  only recently that any online descriptions began to
be posted next  to program names.  Some  BBS's, notably CP/M
based systems, still do not offer any explanation beyond the
program name or notes in the associated message base part of the
system.]   And  almost  every computer user  group  has at least
one experienced member who can tell  the  horrible  tales  of 
what  these  programs do.  Actual witnesses to the destruction or
victims of the atrocities seem to be =very= rare.   Related to 
the twisted thinking behind such criminal mischief is the
so-called "TWIT" phenomenon.   Twits are computer vandals who
glory  in  breaking  into  and  "crashing" or seriously  damaging
remote computer  systems.   The  targets  range from neighborhood
BBS's to any large  computers  which  can  be  accessed via phone
lines.  And while such  mental midgets have been glorified in the
media and mis-labeled as  "hackers",  their very existence causes
hysteria in and amongst the non-computing public at large.  
Computer security for  large and small remote computer systems is
getting better at screening out or scaring off "twits". But  they
still exist.  There are indications that some have graduated from
incessant attempts to break into BBS's. Instead  they bring forth
Trojan  horses:  damaging  programs  disguised as  utilities  and
mis-labled  or  misdocumented as  new  treasures  of  the  Public
Domain.
	==]#[=== The following data was recently retreived from a
California BBS: WARNING! DANGEROUS PROGRAMS 1)  Warning:  Someone
is [or may be] trying to destroy your data.  Beware  of  a  SUDDEN
upsurge of [spurious] programs on Bulletin Boards and in the Public
Domain.  These programs purport to be useful utilities, but, in
reality, are designed to sack your system.  One has shown up as EGABTR,
a program that claims to show you how to maximize the  features  of
IBM'S  Enhanced  Graphics  Adapter.  It  has  also  been  spotted
renamed as  a new super-directory program.  It actually erases
the  (F)ile (A)llocation (T)ables on your hard disk, [thereby
rendering all data useless and inaccessible].  For good measure,
it asks you to put a disk in Drive A:, then another in Drive B:.
After it has erased those FATs too, it displays,                 
     "  Got You! Arf! Arf!  "  Don't [casually] run  any 
public-domain  program  that  is not a known quantity.  Have 
someone  you  know and trust vouch for it.  ALWAYS  examine  it 
FIRST  with  DEBUG  [or  DDT  or  a  similar utility].  Look at
all the ASCII  strings  and data.  If there is anything even
slightly suspicious about it, [either] do a cursory disassembly
[or discard it].   [For  MSDOS  programs]  be wary of disk  calls 
(INTERRUPT  13H),  especially  if the program has no business
writing  to  the  disk.   Run your system in Floppy only mode
with write protect  tabs  on  the  disk or junk disks in the
drives.   Speaking  of  Greeks  bearing  gifts,  Aristotle  said 
that  the unexamined life is not worth living.  The unexamined
program [may not be] worth running.   - from The Editors of PC  
July 23, 1985   Volume 4, Number 15   2) Making the rounds of the
REMOTE BULLETIN BOARDS [is] a program called VDIR.COM. It is  a
little hard to tell what the program is suppose to do.   What it
actually does is TRASH your system.   It  writes  garbage onto 
ANY  disk it can find, including hard disks, and flashes up
various messages telling you what it is doing.  It's a TIME BOMB:
once run, you can't  be  sure  what  will  happen next because it
doesn't always do anything immediately.  At a later time, though,
it  can  CRASH  your system.  Anyway,  you'd  do  well  to  avoid
VDIR.COM. I expect there are a  couple  of harmless, perhaps even
useful, Public Domain programs floating about with the name VDIR;
and,  of course, anyone warped enough to launch this kind of trap
once,  can  do  it  again.   Be  careful  about  untested  "free"
software.   [paraphrased from  Computing at Chaos Manor  From the
living Room  By Jerry Pournelle  BYTE Magazine, The small systems
Journal]   Two other examples of this type of program:  1.
STAR.EXE presents a screen  of  stars  then copies RBBS-PC.DEF
and renames it.  The  caller  then  calls  back later and d/l the
innocently  named file, and he then has the SYSOP'S and  all  the
Users passwords.   2. SECRET.BAS This file was left on an RBBS
with a message saying that the caller got  the file from a
mainframe, and could not get the file to run on his PC, and asked
someone to try it out.  When it was executed, it formatted all
disks on the system.   We must remember, that there are a few 
idiots  out there who get great   pleasure   from   destroying 
other  peoples'  equipment.  Perverted  I know, but we, the
serious computer users, must  take an active part in fighting
against this type of stuff, to protect what we have.  Be sure  to
spread  this [message] to other BBS's across the country so that
as many  people  as  possible  will be aware of what is going on. 
 [from The Flint Board Flint, Mich (313) 736-8031]               
             ===]#[===  -EPILOGUE  Got your attention?  There is
no need  to  hatchet your modem and erase  your communications
software.  While such programs can  do tremendous  damage,  they 
 are,  fortunately,  very  rare.   The following  is  an 
expansion  of  the  countermeasures  suggested above.   A) 
More?  
Never, NEVER, N>E>V>E>R>!  download  and  run  Public  Domain
software (the first time) on a hard disk.   While  many  programs
are  well  known,  it  is  a  logical  presumption  that   Trojan
horse-type  programs may have been uploaded with the  name  of  a
well-known  utility.   Or  as  a  new version of one of your  old
favorites.  Download them to a blank floppy or to a disk you have
a current backup copy of.   B) Get in the habit of examining
unknown  software with HEX/ASCII utilities that will reveal
copyright data, documentation, program error and prompt messages. 
 A  good  choice  in  MSDOS is called PATCH.COM and in CP/M there
is DUMPX.COM. Even  if  a  program is written in protected BASIC,
you may still be able  to  find  some useful data this  way. 
[This is also a way to find documentation for good programs
without .DOC files or descriptions.]   C) Be wary of text files
suggesting  patches  with  DEBUG  or DDT that you do not
understand.  ALWAYS make such modifications to  a backup copy of
your .COM, .EXE, .OVR  files.   There are no known examples of
Trojan horses appearing this way, but...   D) Make those BBS's
which  screen  programs  before  making  them available your
first (but not your only) choice for acquiring new PD software.  
If  you  cannot  figure  out  what a program does, =don't= upload
it to some other BBS.  E)  Be wary but not paranoid.  Be  careful
but not  overcautious.  Do not fan the fires of hysteria by
More?  
passing along rumors of worms and Trojan horses.   Speak  of what
you =know=. There are alot of good programs out there  in the