Relay-Version: version B 2.10 5/3/83; site utzoo.UUCP Path: utzoo!mnetor!seismo!brl-adm!brl-smoke!smoke!USER=6C0K%UBC.MAILNET@MIT-MULTICS.arpa From: USER=6C0K%UBC.MAILNET@MIT-MULTICS.arpa Newsgroups: net.micro Subject: Trojan Horse Programs Message-ID: <4076@brl-smoke.ARPA> Date: Tue, 23-Sep-86 21:46:41 EDT Article-I.D.: brl-smok.4076 Posted: Tue Sep 23 21:46:41 1986 Date-Received: Wed, 24-Sep-86 07:13:33 EDT Sender: news@brl-smoke.ARPA Lines: 24 After reading the article "A Story of a Trojan Horse, With Some Suggestions for Dismounting Gracefully", by James H. Coombs , in Volume 5 Issue 86 of the Info-IBMPC Digest, I must say that it provided a very valuable lesson for those for us who are lucky enough to never seen a trojan horse in action (yet). I think I can now understand the Info-IBMPC archive's source-code-only policy. However, I disagree with the article's suggestion that the person listed in the documentation of the program as the "author" is actually the perpetrator of the crime. It strikes me that someone clever enough to come up with such a trojan horse would be so stupid as to put their own name and phone number into a document which the intened victims is to receive. On the other hand, I think it is very conceivable that such person would use somebody else's name in an attempt to cause the named party some trouble along the way, for reasons which should be obvious. In conclusion, I think that it should be the true criminal that we scream at, not just anyone whose name happens to get put onto the documentation of a trojan horse program. Afterall, anyone could write anyone else's name into such a program. ...Sam