Relay-Version: version B 2.10 5/3/83; site utzoo.UUCP
Path: utzoo!watmath!clyde!burl!ulysses!allegra!princeton!orsvax1!pyrnj!caip!lll-crg!mordor!ut-sally!nather
From: nather@ut-sally.UUCP (Ed Nather)
Newsgroups: net.micro,net.micro.pc
Subject: MS-DOS tool to help detect Trojan Horse programs
Message-ID: <4664@ut-sally.UUCP>
Date: Thu, 10-Apr-86 10:22:17 EST
Article-I.D.: ut-sally.4664
Posted: Thu Apr 10 10:22:17 1986
Date-Received: Sat, 12-Apr-86 21:53:32 EST
Organization: U. Texas CS Dept., Austin, Texas
Lines: 15
Keywords: software terrorism
Xref: watmath net.micro:14304 net.micro.pc:7759

I have posted a program to net.sources which searches MS-DOS executable
files for ASCII strings and sends them to stdout.  It is modeled after the
Unix utility "strings" to operate in the more chaotic MS-DOS environment.
While it is not a general "Trojan Horse" detector it can find typical kinds
of "gloats" left by the terrorist.  It readily found the infamous Microsoft
"...bitter fruit -- Trashing Disk" message in MS Word, for example.

If the terrorist does not include a gloating message, of course, this program
won't help -- but what good is wanton destruction if you can't gloat about it?

-- 
Ed Nather
Astronomy Dept, U of Texas @ Austin
{allegra,ihnp4}!{noao,ut-sally}!utastro!nather
nather@astro.AS.UTEXAS.EDU