============================================================================
SUBJECT: ALERT RAISED ON TROJAN HORSE CALLED CHINON
SOURCE: Newsbytes via Fulfillment by INDIVIDUAL, Inc.
DATE: July 1, 1994
INDEX: [1]
----------------------------------------------------------------------------

PITTSBURGH, PENNSYLVANIA, U.S.A., 1994 JUL 1 (NB) via INDIVIDUAL, Inc. -- Newsbytes has confirmed that a new "Trojan horse," named the "Chinon" or "CD-IT" program, is being spread by "unknown hackers" on the Internet.

Newsbytes confirmed through the Computer Emergency Response Team at Carnegie-Mellon University in Pittsburgh that the program has been distributed by unknown persons on the Internet, from which it can be downloaded.

Unlike a virus, a piece of code which hides from users and then causes destruction, a Trojan horse masquerades as a helpful program, but then causes damage when downloaded.

The program alleges to be a shareware utility for PCs that will convert an ordinary CD-ROM drive into a CD-Recordable device. That is technically impossible. Instead the program destroys critical system files on a user's hard drive and can crash the CPU, forcing its user to reboot while remaining in memory.

According to a spokesman for CERT, the only remedy now known for infected computers is a regular back-up of the hard drive. Once the Trojan horse is activated, there's nothing that can be done except to erase the hard drive and re-load it from the back-up, losing all work done since the last back-up. The program is not detected by most anti-viral programs in part because it's not a virus.

Word of the program, and efforts to correct it, have spread quickly. Newsbytes got word through a bulk-mail from an OS/2 newsgroup, the message originating at the University of Georgia. UGA, meanwhile, apparently learned of Chinon through Doug Leonard, who spread an alert from the Sacramento PC Users Group. The original message, in turn, was written by Mark F. Haven of the US Department of Health & Human Services.

The message to Newsbytes, sent around 4:30 PM Eastern Daylight Time, was confirmed through a phone call to Terry McGillan at Carnegie-Mellon, who checked with CERT to make sure the alert was genuine.

(Dana Blankenhorn/19940701/Press Contact: Terry McGillan, Carnegie-Mellon University, 412-268-7394)