Stanford University Home

Stanford News Archive

Stanford Report, February 17, 1999

Computer users should be wary of email 'Trojan Horses'

On the heels of a recent "Trojan Horse" advisory, Stanford's computer security officer warns computer users to exercise caution in running programs to be executed via e-mail.

"If anyone sends you a message that says 'Click here' ­ don't do it unless you're very, very certain the message is legitimate and from a trusted source," said Stephen Hansen. When in doubt, call the security office at 723-1058.

Trojan Horses rely on users to install them, or they can be installed by intruders who have gained unauthorized access by other means, Hansen said. Thus, an intruder attempting to subvert a system using a Trojan Horse relies on other users running the Trojan Horse to be successful. A Trojan Horse is different from a virus because "it wasn't there to replicate itself," Hansen said. "It uses your connection to attack another machine."

He estimates his office receives six to 12 advisories each month. The latest involved an alleged free upgrade to the Microsoft Internet Explorer web browser. The security office received confirmation from Microsoft Corp. that it does not provide "patches" or upgrades via e-mail, although it does distribute security bulletins through e-mail. SR