Trojan Horse Raises Security Issues in Win95 and NT

In a carefully worded statement, Microsoft is warning users that storing passwords for automated online access will raise the probability of a security breach to a user's network or ISP accounts.

In a carefully worded statement, Microsoft is warning users that storing passwords for automated online access will raise the probability of a security breach to a user's network or ISP accounts.

Dr. Solomon's Software, working with a Swiss ISP, has uncovered a Trojan Horse that gained entry into its customer's Windows 95 and Windows NT 4.0 subdirectory, in which passwords and log-on information are stored. If a user has previously input a password to be retrieved when the user's ID is input, the linked information can be grabbed by the Trojan Horse.

The Trojan Horse in this case appears as an attachment to an e-mail that may claim to be updating a system for faster network access or to be updating the dialer information.

The Trojan Horse then locates the user's phone book, where it is stored in a Windows subdirectory, and the user ID. The program e-mails the data back to the perpetrator along with the Windows password cache. Though both files are encrypted, it would be fairly simple to break the code.

"It wouldn't take weeks to break this code," said Glenn Jordan, a senior technology consultant at Dr. Solomon's. Jordan refers to himself as the "head troubleshooter."

Microsoft confirmed the potential security threat of the Swiss-based Trojan Horse and issued the following warning:

"If the user chooses to store the password they will be susceptible to any kind of security breach. That's a choice that a user needs to make," said a Microsoft representative.

Dr. Solomon's WinGuard software program has been updated to protect against this Trojan Horse, said a representative.

Dr. Solomon's Software Inc., in Burlington, Massachusetts, is at http://www.drsolomon.com. Microsoft Corp., in Redmond, Washington, is at http://www.microsoft.com.

Defeating the Swiss Trojan Horse

Here are some recommendations

-- When the system asks whether you want it to remember your password, say "No."

-- Input your password at each log-on.

-- Use Microsoft AuthentiCode to verify untampered files.

-- Use the file viewer function rather than launching an application directly from e-mail.

-- Use programs such as Dr. Solomon's WinGuard, which can recognize a Trojan Horse file.

Join the newsletter!

Error: Please check your email address.
Show Comments
[]