BO2KonAbout
Note: This is a BO2K document, but it is included here because BOXP is based on BO2K.

Back Orifice 2000

Dateline: 07/12/99

Amidst much hype and controversy, the hacker group Cult of the Dead Cow (cDc) has released an "upgrade" to their Back Orifice software this weekend at DEF CON in Las Vegas. cDc posted a news release earlier this month, announcing the impending availability of Back Orifice 2000 from the web site they set up for it. According to cDc, their goals are to raise awareness of security issues with Microsoft products, as well as to offer network administrators a tool for supporting computers on a network. Microsoft has posted a response in the form of a Security Bulletin.

The BO2K software has been called everything from a handy utility to a malicious virus. Although at this time it is technically a Trojan horse (the program doesn't run or install itself; it has to be run by the user), with the source code freely available it could only be a matter of time before it is packaged as a virus. At the time of this writing, both Network Associates (McAfee) and Symantec (Norton Antivirus) claim to detect and remove BO2K. I'm sure that others do also, or will soon, but those were the only ones that had this information posted prominently on their respective websites this morning.

But is the software really malicious? According to Drew Ulricksen in ZDNet News, BO2K will not only allow for remote control of a machine, but also comes with a built-in proxy server and web server. The U.S. version comes with 3DES strong encryption (the international version is weaker), and encrypts all data and text from the client. It is about 115K in size and uses 2MB of RAM. This version of BO2K doesn't install itself when run, as the original did, but runs a configuration wizard. The user must also assign BO2K a port and password before it will run, rather than using a default port and password like the original. It can also be run hidden or visible.

In many ways, this seems to me to be a Trojan in the same way that FDISK or FORMAT are Trojans. Now, forgive me, but so far BO2K does sound pretty handy. I've installed and used several remote control/administration products, and these features sound pretty familiar, although generally they are much larger and consume more system resources than cDc claims BO2K does. In fact, there are other shareware remote administration tools out there that are less secure and contain fewer features. I don't recall any antivirus makers offering to detect and remove them. It seems that what makes this product questionable to many people is that it comes from a "hacker" source. Perhaps that's why the cDc is offering the source code publicly.

The accusations against BO2K include claims that it can access passwords, capture keystrokes and send the machine faulty warning messages, along with "listening" through a system's microphone, according to Bob Olsen of Network-1 Security Solutions in ent magazine. BO2K is harder to detect and more powerful than the original.

It will be interesting to see what comes from this event. Perhaps Microsoft will take steps to close security holes. Perhaps we will find out that BO2K actually does something horrible, like cause your keyboard to emit a poisonous gas that cDc members have been building up an immunity to over the past year. Or maybe more new products will arise, building on the BO2K code. Or maybe the Feds have already hauled them all away; I've noticed that their sites have been inaccessible all day today...

Want to know more? Here is a sample of the news stories out there:

Back Orifice 2000 Not to Be Feared, ZDNet News
Back Orifice 2000 Going Legit?, ZDNet News
Back Orifice 2000 Released w/ Great Fanfare..., InfoWorld
Back Orifice 2000 Makes its Debut, News.com
Back Orifice Back Again, ent.
Companies Brace for Trojan Horse, PC World
Concern Rises Over Windows NT Trojan, News.com
Latest Hacker Tool Will Target NT Desktops, ComputerWorld
Microsoft Fears Another Release of Windows Virus, News.com

For more articles like these, visit the NT News page. If you have an opinion or question about Windows NT/2000, please visit the Focus on Windows NT Forums (there is even a special section for discussion of these features) and post a message, or come to the Chat Room to see if anyone else is there to discuss it.

'Till next time,
Douglas Ludens
Last modified: Monday, 5 September 2005 [17:46] by Javier Aroche.