Trojans and Hoaxes (fwd)

James Harbeck jharbeck at EMERALD.TUFTS.EDU
Wed Apr 23 19:38:52 EDT 1997


        Some clearer info on the whole question from one in the know: my
brother, a computer type.

---------- Forwarded message ----------
Date: Wed, 23 Apr 1997 16:43:40 MDT
From: Reg Harbeck <rharbeck at gov.calgary.ab.ca>
To: jharbeck at emerald.tufts.edu
Subject: Trojans and Hoaxes



Regards,               - Reg Harbeck, EDP Security Specialist
                         City of Calgary, DPSD, IBC, #8216
                         Phone: (403) 268-1808  Fax: (403) 268-2546
*** Forwarding note from DP1RH   --CITYB    97-04-21 17:19 ***
To: DP8TH   --CITYB    Terry Harding      DP6RT   --CITYB    Ray Tsun

From: Reg Harbeck <RHarbeck at Gov.Calgary.AB.Ca>
Subject: Trojans and Hoaxes

fyi

Regards,               - Reg Harbeck, EDP Security Specialist
                         City of Calgary, DPSD, IBC, #8216
                         Phone: (403) 268-1808  Fax: (403) 268-2546
*** Forwarding note from INTERNET--CITYB    04/21/97 13:55 ***
To: DP1RH   --CITYB

Subject: Trojans and Hoaxes
Comments: Authenticated sender is <secure-1 at mail.istar.ca>
From: "Sensible Security - Canada's Anti-Virus Prof" <secure-1 at istar.ca>
To: "Sensible Security On-Line Alert Subscriber List - TXT" <secure-1 at istar.ca>
Date: Mon, 21 Apr 1997 15:44:41 -5
Content-Transfer-Encoding: 7BIT
Reply-To: <secure-1 at istar.ca>
X-Epuejnte: 1.0 ------------ Body of Internet Mail follows -------------

THE AOL4FREE HOAX AND THE AOL4FREE.COM TROJAN HORSE
---------------------------------------------------

Recently there has been a lot of confusion regarding "AOL4FREE".  The
confusion has been generated by two separate events:

1)  The distribution of an AOL4FREE *hoax* message, which was spread
via email and usenet newsgroups.  Other hoaxes include Good Times,
Irina, and PenPal Greetings.

2)  The distribution of a genuine AOL4FREE.COM trojan horse program
which was spread a few weeks later.


THE HOAX MESSAGE
----------------

The original hoax message which was sent via email claimed there was
an email being distributed with the subject line "aol4free.com".  The
hoax went on to claim that "within seconds of opening the email a
window appeared and began to display my files that were being
deleted".

Like other hoaxes it is important to point out that a user cannot be
infected or damaged simply by the subject line of an email.  An
executable attachment to an email will not 'run' automatically.  Like
other hoaxes this message should not be taken at face value.


THE AOL4FREE.COM TROJAN HORSE
-----------------------------

The AOL4FREE.COM trojan horse displays a message listing the
directories on your hard drive it is deleting, followed by the
message: "YOUR COMPUTER HAS JUST BEEN F--KED BY *VP* F--K YOU
AOL-LAMER"

A Trojan Horse is a program that deliberately does unpleasant things,
as well as (or instead of) its declared function. They are not capable
of spreading themselves and rely on users copying them.  Because
trojan horses do not replicate they are not viruses and are not
frequently encountered.

It seems highly likely that this trojan horse was written as a
response to the original hoax warning in an attempt to confuse
computer users. Please note: it does *not* attack users via use of the
subject line of the email. The only way users can be damaged by this
trojan is (like any other trojan) if they decide to run it.

We do not believe this trojan horse is particularly common.  However,
Dr Solomon's have written an 'extra driver' which is available from
their technical support department (support at uk.drsolomon.com).  This
'extra driver' can be run in conjunction with Dr Solomon's FindVirus
and Dr Solomon's WinGuard to provide protection against this trojan
horse.
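
Added example (not part of the forwarded alert, and not Dr Solomon's or Sensible Security's code): a mail triage check built on the alert's point that a subject line alone cannot run anything, while a carried program can do damage once a user runs it. The extension list, verdict names, addresses and sample messages are assumptions constructed for illustration.

```python
from email import message_from_bytes, policy
from email.message import EmailMessage

# Assumed list of DOS/Windows extensions that run when the user launches them.
EXECUTABLE_EXTS = {".com", ".exe", ".bat", ".pif", ".scr"}

def triage(raw: bytes) -> dict:
    """Separate what a message says (subject) from what it carries (files)."""
    msg = message_from_bytes(raw, policy=policy.default)
    risky = []
    for part in msg.iter_attachments():
        name = (part.get_filename() or "").strip()
        ext = "." + name.rsplit(".", 1)[-1].lower() if "." in name else ""
        data = part.get_payload(decode=True) or b""
        # .COM images have no header to check; EXE images start with "MZ",
        # which also catches an executable renamed to a harmless extension.
        if ext in EXECUTABLE_EXTS or data[:2] == b"MZ":
            risky.append(name or "(unnamed)")
    subject = str(msg["Subject"] or "")
    return {
        "subject_mentions_aol4free": "aol4free" in subject.lower(),
        "executable_attachments": risky,
        # The subject line never changes the verdict: only a carried program does.
        "verdict": "hold-attachment" if risky else "text-only",
    }

def _sample(subject, body, attachment=None):
    """Build a constructed test message; addresses and payloads are made up."""
    m = EmailMessage()
    m["From"], m["To"] = "sender@example.invalid", "user@example.invalid"
    m["Subject"] = subject
    m.set_content(body)
    if attachment:
        name, data = attachment
        m.add_attachment(data, maintype="application",
                         subtype="octet-stream", filename=name)
    return m.as_bytes()

HOAX = _sample("FWD: aol4free.com WARNING", "Send this to everyone you know!")
CARRIER = _sample("free account", "see attached", ("AOL4FREE.COM", b"placeholder"))
RENAMED = _sample("notes", "see attached", ("notes.txt", b"MZ" + bytes(8)))

if __name__ == "__main__":
    for label, raw in (("hoax", HOAX), ("carrier", CARRIER), ("renamed", RENAMED)):
        print(label, triage(raw))
```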


