[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
TROJAN HORSE CALLED CHINON
============================================================================
SUBJECT: ALERT RAISED ON TROJAN HORSE CALLED CHINON
SOURCE: Newsbytes via Fulfillment by INDIVIDUAL, Inc.
DATE: July 1, 1994
INDEX: [1]
----------------------------------------------------------------------------
PITTSBURGH, PENNSYLVANIA, U.S.A., 1994 JUL 1 (NB) via INDIVIDUAL, Inc. --
Newsbytes has confirmed that a new "Trojan horse," named the "Chinon" or
"CD-IT" program, is being spread by "unknown hackers" on the Internet.
Newsbytes confirmed through the Computer Emergency Response Team at
Carnegie-Mellon University in Pittsburgh that the program has been
distributed by unknown persons on the Internet, from which it can be
downloaded. Unlike a virus, a piece of code which hides from users and then
causes destruction, a Trojan horse masquerades as a helpful program, but
then causes damage when downloaded.
The program alleges to be a shareware utility for PCs that will convert
an ordinary CD-ROM drive into a CD-Recordable device. That is technically
impossible. Instead the program destroys critical system files on a user's
hard drive and can crash the CPU, forcing its user to reboot while
remaining in memory.
According to a spokesman for CERT, the only remedy now known for infected
computers is a regular back-up of the hard drive. Once the Trojan horse is
activated, there's nothing that can be done except to erase the hard drive
and re-load it from the back-up, losing all work done since the last back-
up. The program is not detected by most anti-viral programs in part because
it's not a virus.
Word of the program, and efforts to correct it, have spread quickly.
Newsbytes got word through a bulk-mail from an OS/2 newsgroup, the message
originating at the University of Georgia. UGA, meanwhile, apparently
learned of Chinon through Doug Leonard, who spread an alert from the
Sacramento PC Users Group. The original message, in turn, was written by
Mark F. Haven of the US Department of Health & Human Services. The message
to Newsbytes, sent around 4:30 PM Eastern Daylight Time, was confirmed
through a phone call to Terry McGillan at Carnegie- Mellon, who checked with
CERT to make sure the alert was genuine.
(Dana Blankenhorn/19940701/Press Contact: Terry McGillan, Carnegie-Mellon
University, 412-268-7394)