DEFGEN4.CVP 910721 Related (non-viral) terms Two other groups of security breaking programs are very often confused with viri. The first is the "trojan horse", the second the "logic bomb." The confusion is understandable, as viral type programs, trojan horses and logic bombs make up the three largest distinct groups of security breaking software, and often one may "contain" the code of one another. A trojan horse is a program which pretends to do one thing, while performing another, unwanted action. The extent of the "pretence" may vary greatly. Many of the early PC trojans relied merely on the filename and a description on a bulletin board. "Login" trojans, popular among university student mainframe users, will mimic the screen display and prompts of the normal login program, and may, in fact, pass the username and password along to the valid login program, as well as stealing it. Some trojans may contain actual code which does what it is supposed to be doing, while performing additional nasty acts that it does not tell you about. (I make the distinction that trojans are always malicious, as opposed to "joke" or "prank" programs.) (A recent example of a trojan is the "AIDS Information Disk", often incorrectly indentified in both the general and computer trade press as a virus. Not to be confused with the, fairly rare, AIDS I and II viri, this program appears to have been part of a well organized extortion attempt. The "evaluation disks" were shipped to medical organizations in England and Europe, with covers, documentation and license agreements just like any real commercial product. When installed and run, it did give information and an evaluation of the subject's risk of getting AIDS, but it also modified the boot sequence so that after 90 reboots of the computer all files on the disk were encrypted. The user was informed that, in order to get the decryption key, a "license fee" had to be paid.) Trojan horse programs are sometimes referred to as an "Arf, arf" or "Gotcha" program from the screen messages of one of the first examples. A trojan horse may be used to plant a virus simply by infecting any existing program. A logic bomb is a malicious program which is triggered by a certain event or situation. Logic bomb code may be part of a regular program, or set of programs, and not activate when first run, thus having some of the features of a trojan. The trigger can be any event that can be detected by software, such as a date, username, CPU id, account name, or the presence or absence of a certain file. Viral programs and trojans may contain logic bombs. copyright Robert M. Slade, 1991 DEFGEN4.CVP 910721 ============= Vancouver p1@arkham.wimsey.bc.ca | "If a train station Institute for Robert_Slade@sfu.ca | is where a train Research into rslade@cue.bc.ca | stops, what happens User p1@CyberStore.ca | at a workstation?" Security Canada V7K 2G6 | Frederick Wheeler