THIS IS A COMBINATION OF FILES UPLOADED TO PDSE BY DAVID GEERINCK OF HACKETTSTOWN, NJ, ON 10/17/85
********************************************************************

Msg # 583
Dated 09-13-84 06:27:16
From: DON BEILFUSS
To: CONFIDENTIAL
Re: BOARD CRASHING

Bob, and others:

First of all, thanks Bob for helping the other evening with my board crashing problem. I have spent considerable time on the data and this is what I have concluded.

1. Someone using the name, Walter Koenig, uploaded a file called STARS3.EXE to my board. (the Trojan Horse, if you will)
2. Within the next day, I had executed the program to see what it was.
3. It creates a starfield background that could be used as part of a game, like STARTREK.
4. One of the program's actions is to copy RBBS-PC.DEF to RBBS-PC.
5. 24 hours after uploading, Walter logged on again and downloaded RBBS-PC (I didn't even know it was there)
6. Within 4 minutes, a call came in with the user identifying himself as a Remote Sysop.
7. During this call, he used Sysop #8 to give a user sysop level access.
8. Naturally, after he escaped into DOS, he listed my password file, deleted the RBBS-PC file, and did whatever else someone like this does for cheap thrills.

See next message...

Msg # 584
Dated 09-13-84 06:35:22
From: DON BEILFUSS
To: CONFIDENTIAL
Re: BOARD CRASHING CON'T

9. The username that he used for subsequent logons was Moe Greene.

I took the following action. I changed all of the Sysop functions to require a higher level of access than the Sysop is granted on logon. This appeared to stifle his access to DOS, but I did a few more things to help insure the system.

1. I downgraded all special users to normal access levels.
2. I changed all of my passwords on Files and Groups
3. I changed the name of my password files.
4. I patched my RBBS-PC.EXE file to use a different filename for configuration. Norton works well for this.
5. I put all restricted functions at security levels far beyond the Sysop Access Level.
6. I altered my directory structure to reflect a more concise restricted area for the BBS in that particular background partition.
7. I left both usernames on the system with levels below minimum and a message for both Walter and Moe.

See next message.

Msg # 585
Dated 09-13-84 06:43:09
From: DON BEILFUSS
To: CONFIDENTIAL
Re: BOARD CRASHING CON'T

This morning when I checked the system, Moe had been on again and this time he left a message that RBBS had a large hole in it and he had "taken my system".

During the evening two days ago, I caught him using the system identified as one of my friends. I knew this because my friend was out of town on vacation, but obviously he didn't know that. We chatted a bit and I definitely proved it was a masquerade through one or another false statements that my friend would not have been tripped up on. Also the typing skills and vocabulary were that of someone in junior high instead of an adult technical specialist.

One last note, anyone who reads this message and uses the Astrix Computer System has had their password compromised. If you are in the habit of using the same password on all of the boards that you frequent, you may want to start using a different one.

The users of this bulletin board should be aware of a very scary thing that happened recently on a bulletin board in the Rockville/Gaithersburg area.

Some clown UPLOADed a BASIC program called SECRET.BAS. Then he left a message to all users claiming he had hacked this program from a mainframe and he was having a problem getting it to run on his personal computer. He asked anyone who could get the thing to run to leave him a message telling him about it. (Which of us could resist such a plea?)

As it turned out the program ran fine and this #$%&^* knew it! What the program did was to erase all the files on the disk(s) on the computer that ran it!! ALL THE FILES ... ON ALL THE DISKS !!!
After a couple of users lost their disks the word got around and the "killer" program was deleted from the bulletin board. But it could happen again. It could happen here.

Please y'all, be careful. Look over the programs you DOWNLOAD before you run them (or have good and recent backups).

Bruce N. McCausland

The following is from MEMO DANGER in the PCSHARE subconference of CONTACT (at UC Berkeley):

<<< MEMO DANGER - 104 lines, 1 append(s) >>>
from DAY15 on 08/15/85 at 05:40:21

WARNING! DANGEROUS PROGRAMS

I just found the following file on a local bulletin board. It's difficult to believe that people can be this vicious. Please do everything you can to spread the word.

Burt Alperson

The file:

====================== BULLETIN #1 =======================

The following 2 Articles I got from 2 magazines (I will give the reference at the end of the article), and I thought that you might like to see this.

WARNING!

Warning: Someone is trying to destroy your data. Beware of the SUDDEN upsurge of "Trojan Horse" programs on Bulletin Boards and in the public domain. These programs purport to be useful utilities, but, in reality, they are designed to sack your system.

One has shown up as EGABTR, a program that claims to show you how to maximize the features of IBM'S Enhanced Graphics Adapter, and has also been spotted as a new super-directory program. It actually erases the file allocation tables on your hard disk. For good measure, it asks you to put a disk in Drive A:, then another in Drive B:. After it has erased those FATs too, it displays, " Got You! Arf! Arf! "

Don't run any public-domain program that is not a known quantity. Have someone you know and trust vouch for it. ALWAYS examine it FIRST with DEBUG, looking for all the ASCII strings and data. If there is anything even slightly suspicious about it, do a cursory disassembly. Be wary of disk calls (INTERRUPT 13H), especially if the program has no business writing to the disk.
Run your system in Floppy only mode with write protect tabs on the disk or junk disks in the drives.

Speaking of Greeks bearing gifts, Aristotle said that the unexamined life is not worth living. The unexamined program is not worth running.

- The Editors of PC
  July 23, 1985
  Volume 4, Number 15

Another bit of information I got from the ARPANET:

Be careful what you put into your machine. There is out there making the rounds of the REMOTE BULLETIN BOARDS a program called VDIR.COM. It is a little hard to tell what the program is supposed to do.

What it actually does is TRASH your system. It writes garbage onto ANY disk it can find, including hard disks, and flashes up various messages telling you what it is doing. It's a TIME BOMB: once run, you can't be sure what will happen next because it doesn't always do anything immediately. At a later time, though, it can CRASH your system. Does this remind you of some of the imbecilic copy-protection schemes threatened by companies such as Vault and Defendisk?

Anyway, you'd do well to avoid VDIR.COM. I expect there are a couple of harmless-perhaps even useful-Public Domain programs floating about with the name VDIR; and, of course, anyone warped enough to Launch this kind of Trap once, can do it again. Be careful about untested "Free" software.

Computing at Chaos Manor
From the living Room
By Jerry Pournelle
BYTE Magazine, The small systems Journal

###############################################################################

Well there it is, If you happen to see any of these files on this, or any other RBBS, IBBS, FIDO or any other board, PLEASE leave the SYSOP a message or a and let him know about the file.

I will List 2 other Files that I am aware of that will also do damage as has been reported in the past:

1. STAR.EXE presents a screen of stars then copies RBBS-PC.DEF and renames it. The caller then calls back later and d/l the innocently named file, and he then has the SYSOP'S and all the Users passwords.

2. SECRET.BAS This file was left on an RBBS with a message saying that the caller got the file from a mainframe, and could not get the file to run on his PC, and asked someone to try it out. When it was executed, it formatted all disks on the system.

We must remember, that there are a Few idiots out there who get great pleasure from destroying other people's equipment. Perverted I know, but we, the serious computer users must take an active part in Fighting against this type of stuff, to protect what we have. Be sure to spread this bulletin to other Boards across the country so that as many people as possible will be aware of what is going on.

Thanks a lot!

........................ Kerry
The Flint Board
Flint, Mich
(313) 736-8031

+++ CREATED 08/13/85 22:35:52 BY +PW/BURT +++
*** CREATED 08/15/85 05:40:51 BY PCSHARE ***
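
The pre-run check the PC editors recommend above (dump the ASCII strings, then look for INT 13h disk calls) can be scripted. The Python sketch below is an added example, not part of the 1985 messages; it also flags INT 26h (DOS absolute disk write), which goes beyond the INT 13h case named in the text. The sample bytes are a constructed fragment, not taken from any of the programs named here, and the function names are hypothetical.

```python
import re

# Interrupts worth a second look in a DOS utility. Matching the byte pair
# CD nn is a heuristic: the same bytes can occur in data, so hits are leads.
DISK_INTS = {0x13: "BIOS disk services", 0x26: "DOS absolute disk write"}
# INT 13h functions (value loaded into AH) that modify the disk.
INT13_WRITE_FUNCS = {0x03: "write sectors", 0x05: "format track"}

def ascii_strings(data, min_len=4):
    """Return (offset, text) for every run of printable ASCII in data."""
    pattern = rb"[\x20-\x7e]{%d,}" % min_len
    return [(m.start(), m.group().decode("ascii"))
            for m in re.finditer(pattern, data)]

def disk_interrupts(data):
    """Return one finding per INT 13h / INT 26h opcode found in data."""
    findings = []
    for off in range(len(data) - 1):
        if data[off] != 0xCD or data[off + 1] not in DISK_INTS:
            continue
        ah = None
        # Look back a few bytes for MOV AH,imm8 (B4 nn) to guess the function.
        for back in range(2, 9):
            if off - back >= 0 and data[off - back] == 0xB4:
                ah = data[off - back + 1]
                break
        intno = data[off + 1]
        findings.append({"offset": off, "int": intno, "ah": ah,
                         "writes": intno == 0x26 or ah in INT13_WRITE_FUNCS})
    return findings

def triage(data):
    """Summarise what to read by hand before the program is ever run."""
    calls = disk_interrupts(data)
    return {"strings": [text for _, text in ascii_strings(data)],
            "disk_calls": calls,
            "suspicious": any(c["writes"] for c in calls)}

# Constructed byte fragment (not a working program, not from any real file).
SAMPLE = (b"STARFIELD DEMO\x00"
          b"\xb4\x02\xcd\x13"            # mov ah,02h / int 13h  (read sectors)
          b"Got You! Arf! Arf!\x00"
          b"\xb4\x03\xb0\x01\xcd\x13")   # mov ah,03h ... int 13h (write sectors)

if __name__ == "__main__":
    report = triage(SAMPLE)
    for text in report["strings"]:
        print("string:", text)
    for c in report["disk_calls"]:
        print("INT %02Xh at offset %d, AH=%s, writes=%s"
              % (c["int"], c["offset"], c["ah"], c["writes"]))
```

A hit only says where to start the "cursory disassembly" the editors ask for: a function number loaded through AX or a computed register will not be resolved by the look-back.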