
BackOrifice 2000: Due for release in July 1999, this sneaky son of the original BackOrifice Trojan is even more sinister than the original. You can protect yourself, though.

What Customers Should Know About "BackOrifice 2000"

"BackOrifice 2000" (BO2K) is a malicious program that is expected to be released on or about July 10, 1999. You can protect yourself, however, if you follow safe computer procedures.


"BO2K": what's that?
BO2K is a program that, when installed on a Windows computer, allows the computer to be remotely controlled by another user. Remote control software is not malicious in and of itself; in fact, legitimate remote control software packages are available for use by system administrators. What is different about BO2K is that it is intended to be used for malicious purposes, and includes stealth behavior that has no purpose other than to make it difficult to detect.

What are the dangers from it?
When BO2K is installed on a computer, the attacker can do anything that the user at the keyboard could do. This includes running programs, creating or deleting files, sending and receiving data, and so on. The original BackOrifice program was first used by hackers but was also quickly adopted by industrial espionage agents, spies, detectives and, not surprisingly, the FBI and CIA, which loved the idea of being able to secretly probe and explore someone's computer, and possibly even plant illegal files or create incriminating evidence that is then hidden on your computer where you'll never run across it. Then, when your equipment is seized, they immediately have something that they can use to justify deeper forensics into your computer's data files. They can also monitor all your correspondence with others and can detect the secret usernames and passwords you use to enable your encryption programs, and carry out many other invasions of your privacy. The dangers are endless, but preventable.

How would it get onto my computer?
Like any computer program, BO2K must be installed on the target machine. BO2K cannot be "injected" onto your machine. There are only two ways it can be installed:

By giving the attacker physical access to your logged-on computer. If the attacker learns your password or you leave your logged-on workstation unattended, he or she can install BO2K on your machine.
By tricking you into installing the software. This is known as a "Trojan horse" technique. The attacker might send you an email attachment that claims to be a game but which really installs BackOrifice.

How can I prevent BO2K from being installed on my machine?
You don't need to take any extraordinary precautions. Just follow normal safe computing practices:

Never share your password, and always lock your computer when you walk away from it.
Never run software from untrusted sources.
Always keep your anti-virus and other security software up to date.

If it's on my machine, how do I get it off?
The makers of anti-virus and intrusion detection software are standing by awaiting its release, and are poised to quickly develop software that will detect and remove BO2K. Microsoft is working closely with them to assist in this process. When BO2K's predecessor was released, defenses were available within days, and the same is likely to happen with this release.

Does BO2K exploit any security vulnerabilities in Windows or Windows NT?
No. Programs like BO2K could be written for any operating system; this one just happens to have been written to run on Windows and Windows NT. On any operating system, if you choose to run a program, it can do whatever you can do. And if you can be tricked into running a destructive piece of software, it can abuse that capability by erasing data, changing information, or allowing someone else to give it commands.


Is BO2K like the Melissa virus?
Only in the sense that both were Trojan horse programs that performed malicious actions.

Keep your anti-virus software up to date; all major anti-virus manufacturers will have solutions out for BO2K within days of its release. There is no need to buy specific programs that claim to find, uninstall or prevent BO2K from being installed in the first place. Your reliable major anti-virus providers' fixes will do the same thing at no additional cost to you. Just remember not to start .exe files and other executables that you mysteriously receive via email or on disks. If you do not know the sender very well, don't open unknown programs until you have checked them with your virus detection software.

 

 
