Most programs that are employed by hackers are of the Trojan horse variety. And the classic Trojan horse example is one which uses the faults of others to achieve its goal. Generally this means using undisciplined PATH commands.
Most modem operating systems allow you to arrange your files in an organized fashion by the use of directories and subdirectories. This makes finding where you left a file easy, but it causes problems when you get sick of typing in long pathnames to change from one directory to an-other.
The solution is in PATH commands. A PATH command says to the OS, "if you don't find that file in the current directory, look over there... Thenlook there.... And there." In other words, you specify a path which the OS can follow to find files. That way you don't have to be in a file's directory to ac-cess that file.
PATH commands are usually put into batch files which are run at login. They are especially used on big machines which contain lots of files and tons of directories. In those cases, especially if the user is a maintenance operator and needs ac-cess all over the place, there might be a lot of direc-tories specified in the PATH.
Sloppy search paths, especially ones which look at all or most of the directories on a system are of extreme importance to the hacker. The hacker starts by rewriting a program that gets used often and putting a Trojan horse into it. The program is then put into a directory that is likely to be in a super-user's path. A privileged
user or program, such as a superuser shell script, may innocently chance upon, let's say, your "date" program instead of the It official" version stored in the OS directory. It is ac-cessed, and your hidden code does its thing. Trojan horses can do a lot of things. They can collect passwords, simulate login prompts ( Also, think about Trojan horses in terms of the multi-user games discussed earlier - obtaining those pass-words, etc.) remove read/write protection from files, or fake system crashes (and when the user shuts off his terminal and
walks away, you type in the secret control code which causes the Trojan horse to uncrash back to the user's account). Trojan horses should definitely make up the majority of a hacker's tool kit. But there is another, different means of gaining higher access by employing programs, and that is with the use of computer viruses.
