The Worm -- An Internet Virus

• Exploited three well known vulnerabilities in Unix systems
• Used these flaws to propagate itself
• Prevented discovery by protecting itself from detection
• Resulted in Denial of Service on infected systems
• Positive outcome was a major alert

Trojan Horse Clues

• Suspicious originator and distribution
• nontechnical
• Unexpected attributes
• size
• response time delay
• Undocumented origin and experience
• always should be suspect

Stealing Passwords

• Password spoof program
• a Trojan Horse program fakes the usual log-in sequence that the user expects and saves the password in a file
• Password theft by clever reasoning
• Password generation using the password file, an electronic dictionary, and the encryption function

Logic Bomb

• Triggered by a specific event
• time bomb trigger is time or date
• May lay dormant for long periods
• Logic Bomb Mail
• usually mailed to the system administrator
• exploits the privileges of the user

Compiler Trojan Horse

• Can spread wide damage because used by many users
• During compilation, certain lines of code will be replaced by malicious lines of code
• Especially dangerous because will not be detected by a source code review
• Only detected by examining the compiler source