
Back Orifice is back and it's badder than ever



Yes, I did it again. I flew 3,000 miles to Las Vegas' eyeball-searing summer heat to go to the Def Con 7 hacker convention. In attendance: three thousand hackers, National Security Agency minions and corporate security types, all sucking down $1 Heinekens 24 hours a day. The focus of this gala event: the release of Back Orifice 2000.

The guys from the Cult of the Dead Cow (CDC), which brought you the original Back Orifice last year, have updated their creation, which the CDC modestly calls "the most powerful network administration tool available for the Microsoft environment, bar none" (www.bo2k.com/indexwhatis.html).

The CDC's raison d'etre is to exploit the lack of security in NT and Microsoft products in general. The group says the original Back Orifice and Back Orifice 2000 are merely remote administration tools, but many security professionals swear that the creation of Back Orifice 2000 is even more of an attack on organizations.

At Def Con, the CDC put on a rousing show and talked about the great new features that Back Orifice 2000 boasts. It now works on NT rather than just Windows 9x boxes and has a mode that can make an NT machine look like it has gone to the dreaded Blue Screen of Death. In reality, the target machine is processing in the background, under the control of whoever infected it.

The CDC also added encryption facilities that are supposed to make the program harder to detect. But the most notable news is that the group plans to make Back Orifice 2000 open source, meaning the source code is free to anyone. Expect dozens, if not hundreds, of copycat versions of Back Orifice 2000 to appear. Hackers will modify the code just enough, they hope, to avoid detection by anti-Back Orifice products. More than 300,000 copies of the original Back Orifice were downloaded. If even a small percentage of those same folks download Back Orifice 2000, make modifications and distribute them, we could see serious problems.

What can you do? You could go to a whole rash of hacker Web sites and download various anti-Back Orifice 2000 products. That would be really stupid. Many of them merely infect you with Back Orifice instead of protecting you. Your best bet is to go to a legitimate vendor, such as an antivirus company, and get the updated signature files, which are capable of detecting and eradicating Back Orifice 2000.

However, if there is a whole slew of polymorphic versions of Back Orifice 2000 floating around out there, your job becomes a lot more difficult.

How often will your antivirus software vendor update its software? How often will you update your anti-Back Orifice 2000 software on your servers and desktops?

Since Back Orifice and Back Orifice 2000 generally infect systems through an e-mail attachment, what changes to your current e-mail policy do you need to make? Will you allow attachments from outside the company to come in, and if so, from whom? Will you go to the extreme and forbid attachments? How do you educate your users quickly? Do they open e-mail attachments from people and e-mail addresses they don't know? How about allowing only e-mail attachments from within the company?

I have heard rumblings about a lawsuit against the CDC. One group that does not want to be named is thinking about a civil proceeding under the premise that Back Orifice 2000 is essentially only harmful and, therefore, its creators should pay for damages. The other noise is from law enforcement, which is thinking about charging CDC members under the Racketeer Influenced and Corrupt Organizations Act, and conspiracy to violate almost every computer crime law on the books.

The CDC wants to make a point: Microsoft makes lousy products and it is up to the hackers to make fools of Redmond in public. Microsoft, security vendors and corporations see it differently: They maintain that the CDC is just trying to legitimize hacking under the guise of professional network management.

No matter which story you believe, you are going to have to deal with Back Orifice 2000.


Schwartau is chief operating officer of The Security Experts, Inc., an information security consulting firm, in Seminole, Fla., and president of infowar.com. He can be reached at winn@securityexperts.com or winn@infowar.com.


Copyright, 1994-2006 Network World, Inc. All rights reserved.