
Back Orifice is NOT a virus. It is in essence a remote administration tool. It gives "System Admin" type privileges to a remote user by way of the computer's Internet link. What does this mean? It means that if Back Orifice is running on your computer, a remote operator anywhere on the global Internet can gain access and do almost anything you can do on your computer -- and some things you can't do -- all without any outward indication of his or her presence.

Back Orifice can arrive disguised as a component of practically any software installation. It can be attached to other files or programs or run on its own. It must be run, by itself or by another application. It then installs itself in seconds, typically erases the original, then may run a specified program. To the user installing an "infected" application, it will appear that all went normally. But from that moment forward, your system offers easy and comprehensive access anytime it is connected to the Internet.

In itself, Back Orifice does not cause any malfunction. It runs quite invisibly to the user, consumes insignificant memory and resources, and does little besides simply open up access to standard Windows 95 functions.

Win95/98 is in essence a networking operating system. It's designed to give access and control to the system administrator on any network to which it is connected. Back Orifice simply implements standard system admin functions and includes a few handy tools for the remote operator's convenience. But it does so very quietly, almost undetectably.

Back Orifice was publicly released by the Cult of the Dead Cow on 3 August 1998. It has reportedly been downloaded by well over 100,000 people since then.

Its implications are staggering, viewed as a whole. For the first time ever, a relatively simple tool for unauthorised computer intrusion is available to unprecedented numbers of people and is being "implemented" on a mass scale. People are sending the program to one another all over the net, in various guises, wittingly and unwittingly.

I have personally obtained the "Back Orifice" (BO) suite, learned its functions, and proceeded to use it freely for the past three days (as of 17 Aug). Along with a few easily obtained utilities, I have found every function of Back Orifice works almost flawlessly. I gained experience with it on my own systems, then went "hunting" on the Net. I performed random "sweeps" of hundreds of thousands of Net addresses and easily located dozens of Back Orifice installations in computers all over the world. In each and every case, I had full, unfettered access to the affected system.

Because available methods show me only those "Orifices" without a password, it's difficult to gauge the magnitude of the BO problem. It's trivial to set up BO with password protection, and undoubtedly most of the mischief-makers who're using it are doing so. Based on my sampling, and the assumption that most BOs use passwords, I believe it to be installed in tens of thousands of Win95/98 PCs worldwide.

The number of Orifices is surely growing at a daily accelerating rate. BO will proliferate rapidly until public awareness is raised and software safeguards are widely used. The program can be expected to evolve, and Windows isn't changing anytime soon. So vigilance against BO and tools like it will remain necessary for the foreseeable future.

My guess is, the "Back Orifice" issue is yet to reach anywhere near its full proportions. It got some coverage when cDc released it, but so far the media hasn't yet done it justice. Online news services have published stories, and I'm told CNN carried some TV coverage. Expect to see much more media coverage in the near future.

At present there are no known software tools which absolutely reliably prevent the installation of Back Orifice. BODetect kills it in operation (so you're safe for the moment each time it's run), but may not eradicate BO from the system if it's carefully hidden, nor does it directly prevent installation. Certainly some excellent tools will exist in the very near future.

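One check a defender can run today, independent of any of the tools named on this page, is to watch network logs for the port Back Orifice listens on. The script below is an added example; it is not code from the original page, from cDc, or from BODetect. It assumes the tool's published default of UDP port 31337 (the page itself never states the port) and a simple syslog-like firewall log format, and the log lines and addresses it scans are constructed here for illustration. Because an operator can configure a different port, a clean result does not prove a host is free of BO; the point is to separate inbound probes (like the sweeps the author describes) from hosts that actually answer from the port, which are the ones worth inspecting first.

```python
import re
from collections import Counter

# Default UDP port on which Back Orifice 1.x listened. This number is not
# stated on the page; it is assumed here from the tool's published defaults.
# An operator can pick a different port, so a clean result here does not
# prove a host is free of BO; a hit is a reason to inspect the host.
BO_DEFAULT_UDP_PORT = 31337

# Constructed sample firewall log (the syslog-like format is an assumption
# of this example, not the output of any particular product). Addresses are
# from documentation ranges.
SAMPLE_LOG = """\
Aug 17 10:02:11 gw kernel: ACCEPT proto=UDP src=203.0.113.7:4321 dst=192.0.2.15:31337
Aug 17 10:02:12 gw kernel: ACCEPT proto=UDP src=192.0.2.15:31337 dst=203.0.113.7:4321
Aug 17 10:03:40 gw kernel: ACCEPT proto=TCP src=192.0.2.15:1032 dst=198.51.100.9:80
Aug 17 10:05:02 gw kernel: DROP proto=UDP src=203.0.113.7:4321 dst=192.0.2.22:31337
Aug 17 10:05:09 gw kernel: ACCEPT proto=UDP src=192.0.2.15:1044 dst=198.51.100.53:53
"""

LINE_RE = re.compile(
    r"^(?P<ts>\w{3} +\d{1,2} \d\d:\d\d:\d\d) \S+ \S+ (?P<action>ACCEPT|DROP) "
    r"proto=(?P<proto>\w+) src=(?P<src>[\d.]+):(?P<sport>\d+) "
    r"dst=(?P<dst>[\d.]+):(?P<dport>\d+)$"
)


def parse_line(line):
    """Parse one log line into a dict, or return None if it does not match."""
    m = LINE_RE.match(line.strip())
    if m is None:
        return None
    rec = m.groupdict()
    rec["sport"] = int(rec["sport"])
    rec["dport"] = int(rec["dport"])
    return rec


def find_bo_traffic(log_text, port=BO_DEFAULT_UDP_PORT):
    """All UDP records in which either endpoint used the BO default port."""
    hits = []
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None or rec["proto"] != "UDP":
            continue
        if port in (rec["sport"], rec["dport"]):
            hits.append(rec)
    return hits


def probed_hosts(log_text, port=BO_DEFAULT_UDP_PORT):
    """Count inbound datagrams to the BO port per destination host.

    A probe alone (like the random sweeps described on the page) says nothing
    about the target; it only shows that someone is looking.
    """
    counts = Counter()
    for rec in find_bo_traffic(log_text, port):
        if rec["dport"] == port:
            counts[rec["dst"]] += 1
    return dict(counts)


def responding_hosts(log_text, port=BO_DEFAULT_UDP_PORT):
    """Hosts that sent a permitted datagram *from* the BO port.

    A reply sourced from the port is much stronger evidence that something is
    actually listening there than an unanswered probe, so these are the hosts
    to examine (and clean) first.
    """
    responders = set()
    for rec in find_bo_traffic(log_text, port):
        if rec["action"] == "ACCEPT" and rec["sport"] == port:
            responders.add(rec["src"])
    return sorted(responders)


if __name__ == "__main__":
    print("probed:", probed_hosts(SAMPLE_LOG))
    print("responding:", responding_hosts(SAMPLE_LOG))
```

On the constructed sample, both 192.0.2.15 and 192.0.2.22 are probed once, but only 192.0.2.15 answers from the port, so it is the host to pull off the network and examine. Feeding the same functions a real firewall export only requires adapting `LINE_RE` to that product's line format.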
Until foolproof commercial products are available for the purpose, and even after they are, your best protection against BO and its ilk is to know a few basics.

First and foremost, installing or running just any program that's been sent to you is risky. If you receive a program from an unknown individual, or one which is passed on to you by an acquaintance who himself may have accepted it incautiously, realise that running it could cause damage. Back Orifice is only one of the potential consequences. I'm not talking about documents or images, nor e-mails; but programs. Games, utilities, applications, etc.