comStar Firewall alert - PhaseThrough
comStar Firewall alert - PhaseThrough
comStar Firewall alert - PhaseThrough
Create successful ePaper yourself
Turn your PDF publications into a flip-book with our unique Google optimized e-Paper software.
software . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .<br />
124<br />
users—or the successful implementation of social engineering—<br />
rather than flaws in a computer system’s security. It is up to the<br />
gamemaster to decide if and when a character’s online activities<br />
justify an infection.<br />
activating trojan Horses<br />
As soon as the trojan’s façade program is executed, the trojan<br />
malware hidden inside is activated as well. Most trojans are<br />
designed to immediately install something on the infected system<br />
(such as a backdoor or hidden proxy server), or to download and<br />
install some other sort of malware (such as a virus or worm). A<br />
few are designed to undertake some other sort of action, such as<br />
disarming the <strong>Firewall</strong>. Each trojan is designed with a different objective,<br />
and so functions differently, according to the gamemaster’s<br />
discretion (see Sample Trojans, p. 124, for specific examples).<br />
Because trojans are (unknowingly) activated by the duped<br />
user, they take action with the same account privileges as that user.<br />
This means that in many cases, the trojan’s actions are considered<br />
legal and are not contested by the <strong>Firewall</strong>.<br />
detecting and disinfecting of trojans<br />
Since trojan horses take a variety of forms, there is no universal<br />
method to automatically locate and eradicate them. Trojans are<br />
particularly difficult to spot before they have been activated. They<br />
roll Rating x 2 to oppose Matrix Perception Tests once activated. If<br />
the trojan has not yet been activated, apply a –4 dice pool modifier<br />
to the Matrix Perception Test. A detected trojan can be purged<br />
with an Opposed Disinfect Test (see p. 121).<br />
SaMpLe troJanS<br />
Although a plethora of different trojans exist under different<br />
names and handles, some representative samples of trojan horse<br />
programs and their functions are described below. Gamemasters<br />
and players are encouraged to expand this list on their own and<br />
develop new trojan programs.<br />
Hijacker<br />
Hijacker trojans subvert the activating user’s connections, redirecting<br />
him to other nodes—typically nodes loaded with spam,<br />
porn, or extremist political media. The trojan may occasionally<br />
redirect the user’s connection attempt to a different site, or it may<br />
always open an additional second connection every time the user<br />
opens one.<br />
proxy<br />
This trojan installs a secret proxy server (p. 104) on the<br />
user’s node when it is activated. If the user’s privileges allow for<br />
this, it is automatic; otherwise the trojan rolls Rating x 2 (10, 1<br />
Initiative Pass) to install it. The trojan then keeps the server hidden<br />
using Rating x 2 to oppose any Matrix Perception Tests. If<br />
successful, the proxy server details are immediately transmitted<br />
to the trojan’s deployer.<br />
puppeteer<br />
Puppeteer trojans are designed to aid a hacker to spoof commands.<br />
When activated, the puppeteer informs the deploying<br />
hacker of the infected user’s access ID (if this changes, the trojan<br />
will update the hacker), enabling the hacker to more effectively<br />
spoof commands from the user. More insidiously, however, the<br />
Puppeteer opens a channel by which the hacker can send commands<br />
to the trojan, which then resends the commands as the<br />
infected user (and with the user’s access privileges) to any drones,<br />
agents, or devices under the user’s command. Because these<br />
commands are “legitimate” (coming from the authorized user’s<br />
account), they are automatically accepted.<br />
rat<br />
An abbreviation for “remote access tool,” the RAT is designed<br />
to immediately install a backdoor within the node when it is activated.<br />
Roll its Rating x 2 to create a reusable exploit, a legitimate<br />
account, a hidden account, or a hidden access point (see Backdoors,<br />
p. 99). If successful, the backdoor details are immediately transmitted<br />
to the trojan’s deployer.<br />
Sapper<br />
Sapper trojans feature coding similar to the Disarm program<br />
(p. 111). When activated, they remain hidden in the node until<br />
they receive an activation code from the deploying hacker. At this<br />
point, they attempt a Disarm action (p. 112) to neutralize the<br />
<strong>Firewall</strong> against the hacker, rolling Rating + Disarm.<br />
vector<br />
When activated, Vector trojans immediately open a connection<br />
to download and install a virus, worm, or agent from a<br />
predetermined Matrix site. Vector trojans are a common method<br />
used to spread malware infections to other nodes. Hackers sometimes<br />
use Vector trojans as a clandestine method to sneak an agent<br />
onto a target node. Agents and worms downloaded this way operate<br />
with the activating user’s access privileges.<br />
tacticaL ar Software<br />
Tactical AR software features sophisticated expert programs<br />
designed to analyze a situation, evaluate threats, incorporate sensor<br />
data from networked team members, calculate probabilities,<br />
run background simulations, and suggest courses of action. Based<br />
on previous generations of implanted tactical computers and new<br />
systems designed for biodrones (see p. 152, Augmentation), these<br />
programs incorporate augmented reality, mobile wireless devices,<br />
simsense, and advanced sensor technology to maximize tactical<br />
capabilities and threat response. Tacnets are commonly used by<br />
Malware Availability Cost (up to Rating 3) Cost (up to Rating 6)<br />
Trojan (Rating x 4)F Rating x 1,000¥ Rating x 2,000¥<br />
Virus (Rating x 3)F Rating x 500¥ Rating x 1,000¥<br />
Worm (Rating x 5)F Rating x 2,000¥ Rating x 5,000¥<br />
Unwired<br />
Simon Wentworth (order #1132857) 9