Back Orifice 2000

Developer(s): Dildog (cDc) (original code); BO2k Development Team (current maintenance)
Stable release: 1.1.6 (Windows), 0.1.5 pre1 (Linux) / March 21, 2007
Operating system: Microsoft Windows, Linux (client only)
Type: Remote administration
License: GPL
[Image: Back Orifice 2000 advertisement (featuring the original logo)]

Back Orifice 2000 (often shortened to BO2k) is a computer program designed for remote system administration. It enables a user to control a computer running the Microsoft Windows operating system from a remote location. The name is a pun on Microsoft BackOffice Server software.

BO2k debuted on July 10, 1999, at DEF CON 7, a computer security convention in Las Vegas, Nevada. It was originally written by Dildog, a member of US hacker group Cult of the Dead Cow. It was a successor to the cDc's Back Orifice remote administration tool, released the previous year. As of 2007, BO2k was being actively developed.

Whereas the original Back Orifice was limited to the Windows 95 and Windows 98 operating systems, BO2k also supports Windows NT, Windows 2000 and Windows XP. Some BO2k client functionality has also been implemented for Linux systems. In addition, BO2k was released as free software, which allows one to port it to other operating systems.

Plugins

BO2k has a plugin architecture. The optional plugins include:

Controversy

Back Orifice and Back Orifice 2000 are widely regarded as malware: tools intended to be used as a combined rootkit and backdoor. For example, many antivirus software packages currently identify them as Trojan horses.[1][2][3][4][5] This classification is justified by the fact that BO2k can be installed by a Trojan horse when it is used by an unauthorized user, without the knowledge of the system administrator.

There are several reasons for this, including: the association with cDc; the tone of the initial product launch at DEF CON[6] (including the fact that the first distribution of BO2k by cDc was infected with the CIH virus[7]); the existence of tools (such as "Silk Rope"[8]) designed to add BO2k dropper capability to self-propagating malware; and the fact that it has in practice been widely used for malicious purposes.[9][10][11] The most common criticism is that BO2k installs and operates silently, without warning a logged-on user that remote administration or surveillance is taking place.[12] According to the official BO2k documentation, the person running the BO2k server is not supposed to know that it is running on their computer.[13]

BO2k developers counter these concerns in their Note on Product Legitimacy and Security, pointing out—among other things—that some remote administration tools widely recognized as legitimate also have options for silent installation and operation.[14]

References

  1. Symantec press release, dated 12 July 1999, accessed 8 August 2006.
  2. ISS press release, dated 13 July 1999, accessed 8 August 2006.
  3. Trend Micro press release (archived 2007-03-11 at the Wayback Machine), dated 12 July 1999, accessed 8 August 2006.
  4. CA threat description (archived 2007-03-12 at the Wayback Machine), dated 30 November 2005, accessed 8 August 2006.
  5. F-Secure threat description, accessed 8 August 2006.
  6. CNN.com report "Bad rap for Back Orifice 2000?", dated 21 July 1999, accessed 8 August 2006.
  7. ZDNet news "Back Orifice CDs infected with CIH virus", dated 14 July 1999, accessed 8 August 2006.
  8. Trend Micro threat description (archived from the original on 2002-10-20), accessed 21 June 2020.
  9. Insecure.org mailing list archive, Rik van Riel report dated 3 October 2000, accessed 8 August 2006.
  10. Security Focus "Airport PCs stuffed with meaty goodness", dated 21 September 2005, accessed 8 August 2006.
  11. Microsoft Security Administrator article "Danger: Remote Access Trojans", September 2002 edition, accessed 8 August 2006.
  12. Bruce Schneier's Crypto-Gram Newsletter, dated 15 August 1999, accessed 8 August 2006.
  13. Official BO2k Documentation, "Basic Setup" (archived from the original on 2012-07-10), accessed 10 May 2007.
  14. "Legitimacy" (archived from the original on 2005-04-07), accessed 5 August 2006.