Path: utzoo!utgpu!jarvis.csri.toronto.edu!clyde.concordia.ca!uunet!usna!baldwin
From: baldwin@usna.MIL (J.D. Baldwin)
Newsgroups: comp.sys.ibm.pc
Subject: Re: Trojan in Norton
Summary: More than a rumor
Keywords: trojan norton utilities
Message-ID: <327@usna.MIL>
Date: 26 Dec 89 19:47:23 GMT
References: <25317@cup.portal.com>
Reply-To: baldwin@cad.usna.mil (J.D. Baldwin)
Distribution: na
Organization: Canoe U.
Lines: 49

In article <25317@cup.portal.com>, Roger William Preisendefer writes:
>I recently have heard a nasty rumor concerning a possible Trojan Horse
>in the Norton Utilities. This trojan will erase your hard disk sometime
>around the end of December, while displaying some sort of message. The
>source for this rumor is Computing News, a newsletter from the US Naval
>Academy. Does anyone have any information confirming (or debunking) this?

The source for the "Computing News" article was this department. We
received a copy of a memorandum from the Department of Energy's CIAC
(Computer Incident Advisory Committee) describing this trojan. I do not
personally know anything about this supposed trojan, but do have a copy
of that memorandum.

>It is supposed to be in the commercial release, not some pirated version
>floating around the boards.

Half right. The original memorandum (I have not seen the "Computing
News" article) says, "According to information provided to CIAC, this
trojan horse is not found in the version of Norton Utilities sold in
commercial software outlets. It is only found in versions of Norton
Utilities available from public sources (e.g., bulletin boards)." This
and other parts of the memo imply that there is a PD version of Norton
Utilities around somewhere. I was not aware of this. In any case, your
pirated and commercial copies are supposedly safe.

If you use this PD version of Norton Utilities, check for the files
NORTSHOT.EXE and NORTSHOT.ZIP. DO NOT EXECUTE THIS .EXE FILE! It will
erase files with selected extensions if it determines the system date
to be between 24 and 31 December. No information is provided about how
widespread the trojan is or how much damage is anticipated.

There is some other stuff in the memo about what *exactly* to look for
in your .EXE or .ZIP files--I do not intend to reproduce this entire
memo here, unless there is a lot of interest.

If you have further questions or any information to contribute, the guy
to call is:

        Tom Longstaff, CIAC
        Lawrence Livermore Nat'l Labs
        PO Box 808, L-540
        Livermore, CA 94550
        415-423-4416 (VOX)
        415-422-4294 (FAX)
        e-mail: ciac@tiger.llnl.gov
--
From the catapult of:               |+| "If anyone disagrees with anything I
   _, J. D. Baldwin, Comp Sci Dept  |+| say, I am quite prepared not only to
 __||____:::)=}-  U.S. Naval Academy|+| retract it, but also to deny under
 \      / baldwin@cad.usna.navy.mil |+| oath that I ever said it." --T. Lehrer
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~