RUMORS OF WORMS AND TROJAN HORSES

Danger Lurking in the Public Domain

introduced and edited by Mike Guffey

-INTRODUCTION

There are literally thousands of free (or nearly free) programs
available in computerdom's Public Domain. Those who use them save
hundreds of dollars and thousands of hours. But many sneer at the
idea of anything worthwhile being "free". Thus personal computing
becomes divided into two camps: those who believe there are two
camps, and the rest, who use Public Domain software (but sport no
sense of moral superiority).

For several years now rumors have circulated about dangerous
programs which, when run, infest the innards of personal computers
like parasites. And unlike most software, these insidious programs
don't go away when the power is shut off. The story is that they
invade ROMs and "eat" memory away each time the hardware is powered
up.

The legends have a basis in fact, for such horrors =do= exist in
the world of mainframes. Probably first created by a bored or
disgruntled programmer, such programs have been unleashed inside
some of this country's largest computers. Generally they are not
outwardly visible, but begin the attack like a low-grade fever.
These horrible little strings of code do damage a little at a time,
slowly building in intensity. At first, things start going slightly
awry. Ultimately, the system crashes or must be shut down. One
recent magazine article called these creations "computer viruses".
Just =how= damaging such programs can be (or have been) has not
been fully publicized. But the facts lie on a razor's edge between
science fiction and tomorrow's headlines. They are believed to pose
a serious potential threat to national security.

Some say the first of such monsters appeared on computer bulletin
boards (BBS's) under the name "WORM.COM". [Remember that it is only
recently that any online descriptions began to be posted next to
program names. Some BBS's, notably CP/M based systems, still offer
no explanation beyond the program name or notes in the associated
message base of the system.] And almost every computer user group
has at least one experienced member who can tell the horrible tales
of what these programs do. Actual witnesses to the destruction, or
victims of the atrocities, seem to be =very= rare.

Related to the twisted thinking behind such criminal mischief is
the so-called "TWIT" phenomenon. Twits are computer vandals who
glory in breaking into and "crashing" or seriously damaging remote
computer systems. The targets range from neighborhood BBS's to any
large computer which can be accessed via phone lines. And while
such mental midgets have been glorified in the media and mislabeled
as "hackers", their very existence causes hysteria in and amongst
the non-computing public at large.

Computer security for large and small remote computer systems is
getting better at screening out or scaring off "twits". But they
still exist. There are indications that some have graduated from
incessant attempts to break into BBS's. Instead they bring forth
Trojan horses: damaging programs disguised as utilities and
mislabeled or misdocumented as new treasures of the Public Domain.

|
|
==]#[=== The following data was recently retrieved from a
California BBS:

WARNING! DANGEROUS PROGRAMS

1) Warning: Someone is [or may be] trying to destroy your data.
Beware of a SUDDEN upsurge of [spurious] programs on Bulletin
Boards and in the Public Domain. These programs purport to be
useful utilities, but, in reality, are designed to sack your
system. One has shown up as EGABTR, a program that claims to show
you how to maximize the features of IBM's Enhanced Graphics
Adapter. It has also been spotted renamed as a new super-directory
program. It actually erases the (F)ile (A)llocation (T)ables on
your hard disk, [thereby rendering all data useless and
inaccessible]. For good measure, it asks you to put a disk in
Drive A:, then another in Drive B:. After it has erased those FATs
too, it displays, " Got You! Arf! Arf! "

Don't [casually] run any public-domain program that is not a known
quantity. Have someone you know and trust vouch for it. ALWAYS
examine it FIRST with DEBUG [or DDT or a similar utility]. Look at
all the ASCII strings and data. If there is anything even slightly
suspicious about it, [either] do a cursory disassembly [or discard
it]. [For MSDOS programs] be wary of disk calls (INTERRUPT 13H),
especially if the program has no business writing to the disk. Run
your system in Floppy only mode with write protect tabs on the disk
or junk disks in the drives. Speaking of Greeks bearing gifts,
Aristotle said that the unexamined life is not worth living. The
unexamined program [may not be] worth running.

- from The Editors of PC, July 23, 1985, Volume 4, Number 15

2) Making the rounds of the REMOTE BULLETIN BOARDS [is] a program
called VDIR.COM. It is a little hard to tell what the program is
supposed to do. What it actually does is TRASH your system. It
writes garbage onto ANY disk it can find, including hard disks, and
flashes up various messages telling you what it is doing. It's a
TIME BOMB: once run, you can't be sure what will happen next
because it doesn't always do anything immediately. At a later time,
though, it can CRASH your system. Anyway, you'd do well to avoid
VDIR.COM. I expect there are a couple of harmless, perhaps even
useful, Public Domain programs floating about with the name VDIR;
and, of course, anyone warped enough to launch this kind of trap
once can do it again. Be careful about untested "free" software.

[paraphrased from Computing at Chaos Manor: From the Living Room,
by Jerry Pournelle, BYTE Magazine, The Small Systems Journal]

Two other examples of this type of program:

1. STAR.EXE presents a screen of stars, then copies RBBS-PC.DEF and
renames it. The caller then calls back later and d/l's the
innocently named file, and he then has the SYSOP's and all the
users' passwords.

2. SECRET.BAS This file was left on an RBBS with a message saying
that the caller got the file from a mainframe, and could not get
the file to run on his PC, and asked someone to try it out. When it
was executed, it formatted all disks on the system.

We must remember that there are a few idiots out there who get
great pleasure from destroying other people's equipment. Perverted,
I know, but we, the serious computer users, must take an active
part in fighting against this type of stuff, to protect what we
have. Be sure to spread this [message] to other BBS's across the
country so that as many people as possible will be aware of what is
going on.

[from The Flint Board, Flint, Mich. (313) 736-8031]
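The advice from the editors of PC quoted above (dump the file, read the ASCII strings, look for INTERRUPT 13H disk calls) can be scripted. What follows is an added example written for this page; it is not code from the original article, from PC, or from any of the boards quoted. It scans a flat .COM image for printable strings and for the CD xx opcodes that encode INT 13h (BIOS disk service) and INT 25h/26h (DOS absolute sector read/write, which bypass the file system). The sample image SAMPLE_COM is constructed here for illustration and is not EGABTR or VDIR.COM; the names triage, find_interrupts, extract_strings, writes_disk and Finding are this example's own.

```python
"""Static triage of an MS-DOS .COM image: printable strings + disk interrupts.

Added example for this page (not the article's own code).  It scripts what the
warning recommends doing by hand in DEBUG: dump the file, read the ASCII
strings, and look for disk interrupts the program has no business making.
"""
from __future__ import annotations

import re
from dataclasses import dataclass

# Interrupt vectors worth flagging.  INT 13h is the BIOS disk service; INT 25h
# and 26h are DOS absolute sector read/write, the direct route to the FAT.
SUSPICIOUS_INTS = {
    0x13: "BIOS disk I/O (INT 13h)",
    0x25: "DOS absolute disk read (INT 25h)",
    0x26: "DOS absolute disk write (INT 26h)",
}

# INT 13h function numbers carried in AH: 02h read, 03h write, 05h format.
INT13_FUNCS = {0x02: "read sectors", 0x03: "write sectors", 0x05: "format track"}


@dataclass
class Finding:
    offset: int   # file offset of the CD xx opcode (add 100h for the COM load address)
    vector: int   # interrupt number
    detail: str   # description, including AH when it could be recovered


def extract_strings(image: bytes, min_len: int = 4) -> list[str]:
    """Return every run of at least min_len printable ASCII bytes."""
    pattern = rb"[\x20-\x7e]{%d,}" % min_len
    return [m.group().decode("ascii") for m in re.finditer(pattern, image)]


def find_interrupts(image: bytes) -> list[Finding]:
    """Locate CD xx (INT imm8) opcodes for the vectors in SUSPICIOUS_INTS.

    This is a byte scan, not a disassembly: CD 13 can equally occur inside
    data, so each hit is a lead to confirm by disassembling around the offset.
    """
    hits: list[Finding] = []
    for off in range(len(image) - 1):
        vec = image[off + 1]
        if image[off] != 0xCD or vec not in SUSPICIOUS_INTS:
            continue
        detail = SUSPICIOUS_INTS[vec]
        if vec == 0x13:
            # Look back up to 8 bytes for B4 xx (mov ah, xx) to name the
            # function.  Heuristic: AH may be loaded earlier or another way.
            window = image[max(0, off - 8):off]
            pos = window.rfind(b"\xB4")
            if pos != -1 and pos + 1 < len(window):
                fn = window[pos + 1]
                detail += ", AH=%02Xh (%s)" % (fn, INT13_FUNCS.get(fn, "other"))
        hits.append(Finding(off, vec, detail))
    return hits


def writes_disk(f: Finding) -> bool:
    """True when the finding is a sector write or format, not merely a read."""
    return f.vector == 0x26 or (
        f.vector == 0x13 and ("write" in f.detail or "format" in f.detail))


def triage(image: bytes) -> dict:
    """Summarise what a quick DEBUG-style inspection of the image surfaces."""
    ints = find_interrupts(image)
    return {
        "strings": extract_strings(image),
        "interrupts": ints,
        "writes_disk": any(writes_disk(f) for f in ints),
    }


# Constructed sample: a tiny .COM that prints a message through DOS and then
# issues a BIOS sector write to the first hard disk.  Made up for this
# example; it is not the EGABTR or VDIR.COM program described in the text.
SAMPLE_COM = bytes.fromhex(
    "B4 09 "      # mov ah, 09h     DOS: print string at DS:DX
    "BA 0F 01 "   # mov dx, 010Fh   offset of the message below (COM loads at 100h)
    "CD 21 "      # int 21h
    "B4 03 "      # mov ah, 03h     BIOS: write sectors
    "B2 80 "      # mov dl, 80h     drive 80h = first hard disk
    "CD 13 "      # int 13h
    "CD 20 "      # int 20h         terminate
) + b"Got You! Arf! Arf!$"


if __name__ == "__main__":
    report = triage(SAMPLE_COM)
    for s in report["strings"]:
        print("string:", repr(s))
    for f in report["interrupts"]:
        print("offset %04Xh: %s" % (f.offset + 0x100, f.detail))
    print("writes to disk:", report["writes_disk"])
```

Two caveats the script makes explicit: a CD 13 byte pair inside a data table is reported just like one in code, so a hit is a reason to disassemble around that offset rather than a verdict, and a program that builds or scrambles its messages at run time will show no telling strings in a dump. For .EXE files the image is not flat (there is a header and a relocation table), so the offsets would need the header stripped first.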
|
|
===]#[===

-EPILOGUE

Got your attention? There is no need to hatchet your modem and
erase your communications software. While such programs can do
tremendous damage, they are, fortunately, very rare. The following
is an expansion of the countermeasures suggested above.

A) Never, NEVER, N>E>V>E>R>! download and run Public Domain
software (the first time) on a hard disk. While many programs are
well known, it is a logical presumption that Trojan horse-type
programs may have been uploaded under the name of a well-known
utility, or as a new version of one of your old favorites.
Download them to a blank floppy or to a disk you have a current
backup copy of.

B) Get in the habit of examining unknown software with HEX/ASCII
utilities that will reveal copyright data, documentation, program
error and prompt messages. A good choice in MSDOS is called
PATCH.COM and in CP/M there is DUMPX.COM. Even if a program is
written in protected BASIC, you may still be able to find some
useful data this way. [This is also a way to find documentation
for good programs without .DOC files or descriptions.] Bear in mind
that a dump only shows text stored in the clear; a program that
builds or hides its messages at run time will look innocent in a
dump, and only a disassembly will tell.

C) Be wary of text files suggesting patches with DEBUG or DDT that
you do not understand. ALWAYS make such modifications to a backup
copy of your .COM, .EXE, .OVR files. There are no known examples of
Trojan horses appearing this way, but...

D) Make those BBS's which screen programs before making them
available your first (but not your only) choice for acquiring new
PD software. If you cannot figure out what a program does, =don't=
upload it to some other BBS.

E) Be wary but not paranoid. Be careful but not overcautious. Do
not fan the fires of hysteria by passing along rumors of worms and
Trojan horses. Speak of what you =know=. There are a lot of good
programs out there in the