I wrote about this issue over a year ago in my newsletter where i demonstrated that renaming the SQL*Plus binary on a windows client and also on the server failed to change the values in the module and program columns of v$session. Howard concurred this and also demonstrated that he could change the name of MS Access and trick a login trigger. Jeff also concurred that on Windows 2003 and Oracle 18.104.22.168 when renaming SQL*Plus as i did the columns are changed.
This is an interesting thread as many people try and restrict tools such as SQL*Plus and application by using the module and program columns of v$session. It seems that some Oracle tools are harder to bypass in this scenario but the platform matters. Trying to do the same for other applications is useless for security as renaming will easily bypass this method.