Security Information Week 28, 1999
The underground organization Cult of the Dead Cow has released a new version of its Windows backdoor program. Back Orifice 2000 was released on 10 July at the annual computer hacker and security conference Def Con in Las Vegas, Nevada, USA.
The previous version of Back Orifice is discussed in our weekly security info for week 11 this year.
The new version has a lot of new functionality, such as:
- Back Orifice 2000 is not limited to Windows 95/98 operating systems, but runs on Windows NT as well.
- A user may configure which ports the program communicates on.
- Modular structure, which enables new functions to be easily added.
- The program has built-in functions which, if activated, make it difficult to detect on an infected computer.
The source code is available on the Internet. This enables the creation of different variants of the program.
Although the authors of the program claim that Back Orifice 2000 is a network administration tool for Windows operating systems, experience from other such programs, like the former version of BO and Netbus, indicates that they are mostly used with malicious intent.
As usual, our advice is:
- Always be careful when you receive executable files.
- Do not open mail attachments without checking the content with an updated virus control product.
- Do not run executable files received through chat systems like IRC channels and ICQ without checking for potential viruses.
Ironically, the CD with Back Orifice that was distributed at Def Con turned out to be infected by the dangerous computer virus CIH, also called Chernobyl. The opening page on Cult of the Dead Cow's web site shows this message (extracts):
Somehow we must have accidentally infected our own Defcon CDs with CIH v1.2 TTIT (Chernobyl). It was not our plan to do this, and frankly it makes us look like idiots. (...)
Norman's virus detection files dated 12 July 1999 or later detect Back Orifice 2000.
More information about Back Orifice 2000 may be found in an excellent white paper from Internet Security Systems' X-Force (PDF format).
Per Olav Førland
