Microsoft hints at new threat to online access

In a carefully worded statement, Microsoft appears to be warning users that storing passwords for automated online access will raise the probability of a security breach to a user's network or ISP accounts. Earlier this week, Dr. Solomon's Software, working with a Swiss ISP, uncovered a so-called Trojan Horse that gained entry into a customer's Windows 95 and NT 4.0 subdirectory, where passwords and log-on information are stored. If the user has previously input a password to be retrieved when the user's ID is input, the linked information can be grabbed by the Trojan Horse.

Microsoft confirmed the potential security threat of the Swiss-based Trojan Horse and issued the following warning. "If the user chooses to store the password they will be susceptible to any kind of security breach. That's a choice that a user needs to make," said a Microsoft representative.

Microsoft had a number of recommendations, including manually inputting the password at each log-on or using its own AuthentiCode technology, which is part of the company's Internet Explorer Web browser.

AuthentiCode technology identifies the source of executables. When downloading a piece of software, it recognizes if the software has been tampered with. A Microsoft representative said that AuthentiCode is akin to "a virtual shrink-wrap." A warning box pops up if the download has not been digitally signed or if it appears to have been tampered with.

The Trojan Horse in this case appears as an attachment to an e-mail that may claim to be updating a system for faster network access or to be updating the dialer information.

If a user chooses to detach or launch the attachment, the program sends the user a standard error message saying that the update has failed. In actuality, the Trojan Horse locates the user's phone book where it is stored in a Windows subdirectory along with the user ID. The program sends the data back via e-mail to the perpetrator along with the Windows password cache.

Although both files are encrypted, it would be fairly simple to break the code.

"It wouldn't take weeks to break this code," said Glenn Jordan, senior technology consultant at Dr. Solomon. Jordan refers to himself as "head trouble-shooter."

The Trojan Horse also has the capability of preventing the user from accessing his or her own online services while the hacker gains access with the user's identity.

Jordan does not believe Microsoft is at fault for the potential security breach.

"There are a combination of useful features that Microsoft has built in to Win32 which allows this to happen," Jordan said. "The Trojan Horse exploits Win32 WinSock files, which have the capability of communicating with other systems. The Trojan Horse will work on any Intel, Win32 machines -- including Windows 95, NT 4.0, and I strongly suspect, on Windows 98."

Dr. Solomon's WinGuard software program has been updated to protect against this Trojan Horse, a representative said.

Dr. Solomon's Software Inc., in Aylesbury, U.K., is at http://www.drsolomon.com/. Microsoft Corp., in Redmond, Washington, is at http://www.microsoft.com/.
