
Welcome to the #DalFriends Web Site!


Back Orifice.....
The Deadly Backdoor


Breaking into someone else's PC was for a long time the territory of hackers, people with more than average knowledge of computers. Since the arrival of Back Orifice, which means "backdoor", that is no longer true. Breaking into Windows has become child's play, and that is before even thinking about the consequences. Sensitive information ends up in the hands of people who should not have it and can be read by them. Deleting and uploading files, and even formatting your entire hard disk, are also among the possibilities. Back Orifice (BO for short) is dangerous and should be taken very seriously.


To prevent misunderstandings: Back Orifice is NOT a virus. Although it has the same intention as a virus, to cause damage to PCs and programs, it is in fact a handy utility for remotely controlling a Windows PC. An infected PC is fully controllable, which means other people have access to all the information on your hard disk. Members of the Cult of the Dead Cow, the makers of Back Orifice, intend to infect as many PCs in the world as possible. They figured out some clever methods to do this. Back Orifice installs itself transparently; in other words, the user doesn't know that BO is installing itself on his/her PC. With special plug-ins, the spreader of BO can attach it to an existing program on the PC.

Back Orifice consists of 2 programs: a client to control the PC remotely, and a server, which executes the client's commands, such as sending files or starting Windows applications. A PC that is infected with BO has the server program on it, invisibly active.
The client application offers many commands, such as:
- process list: which shows programs currently running on the infected PC
- process kill: which can kill any of the currently running programs
- file copy: copies the files from one PC to the other
- file delete: deletes files from the infected PC
- play sounds: play sounds on the infected PC
- open CD-ROM: opens your CD-ROM player
- msg box: sends a message to the infected PC
For the real hackers, Back Orifice offers ways to get to the core of the Windows PC, and then it's quite easy to edit the registry. If they edit your registry, it could have major effects on the functioning of your PC.

The client and the server communicate with each other over a TCP/IP protocol. Usually this is UDP port 31337. A PC that is infected with BO listens in the background on this port number for requests from the client. With the program BOconfig it's possible to change the default port, because communicating on port 31337 is not always possible when firewalls and filters are in use. But there are still quite a few ports that aren't filtered.
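
A defensive check for the listener described above, as an added example that is not part of the original article: it parses Windows `netstat -an` output, flags a UDP listener on the default port 31337 and, because BOconfig can change the port, also lists UDP listeners outside an allowlist. The sample output, the allowlist and the function names are assumptions made for illustration.

```python
import re

BO_DEFAULT_PORT = 31337  # default UDP port named in the article
# Assumption: UDP ports this PC is expected to have open (NetBIOS).
EXPECTED_UDP_PORTS = {137, 138}

# Constructed sample of Windows `netstat -an` output, not from a real host.
SAMPLE_NETSTAT = """\
Active Connections

  Proto  Local Address          Foreign Address        State
  TCP    192.168.1.10:139       0.0.0.0:0              LISTENING
  UDP    0.0.0.0:31337          *:*
  UDP    192.168.1.10:137       *:*
  UDP    192.168.1.10:138       *:*
  UDP    0.0.0.0:4000           *:*
"""

# One UDP row: protocol, local address:port, foreign address.
ROW = re.compile(r"^\s*UDP\s+(\S+):(\d+)\s+\S+", re.IGNORECASE)


def udp_listeners(netstat_text):
    """Return (local_address, port) for every UDP row in the output."""
    found = []
    for line in netstat_text.splitlines():
        m = ROW.match(line)
        if m:
            found.append((m.group(1), int(m.group(2))))
    return found


def triage(netstat_text, expected=EXPECTED_UDP_PORTS):
    """Split UDP listeners into the BO default port and other unknown ports."""
    report = {"bo_default": [], "unexpected": []}
    for addr, port in udp_listeners(netstat_text):
        if port == BO_DEFAULT_PORT:
            report["bo_default"].append((addr, port))
        elif port not in expected:
            # The default port can be changed with BOconfig, so any
            # unknown UDP listener is worth a look, not only 31337.
            report["unexpected"].append((addr, port))
    return report


if __name__ == "__main__":
    for kind, hits in triage(SAMPLE_NETSTAT).items():
        for addr, port in hits:
            print(f"{kind}: UDP {addr}:{port}")
```

A hit from this check is a reason to run a BO detector on the machine, not proof of infection by itself.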

According to the makers of Back Orifice, the program merely reveals the bad security of Windows. The question is whether this is really the case. Of course the security of Windows isn't perfect; it's an operating system meant for consumers. Better security is offered by Windows NT. When security is important, UNIX will be used. Back Orifice doesn't necessarily mean that Windows is unsafe. It just shows the basic principle that it's possible to break into any system when people install software that throws the backdoor wide open. And this goes for all operating systems, although one might be easier than the other.

That Back Orifice is so successful is caused, next to smart plug-ins, by the ignorance of many computer users. The Internet is a paradise for software, and people just install it on their PCs. Be careful with programs distributed by e-mail or IRC. A good strategy is to be careful with e-mail attachments, and to install a BO detection program, like BackWork or NoBo. A weak point of Back Orifice is that it needs to be installed first, before anyone can break in with the client. But it's quite easy to get it installed on PCs. So whoever doesn't take measures against it will become a victim of it sooner or later.....

Checklist: measures against BO (Back Orifice)

- never install software coming from unknown sources
- always check e-mail attachments for possible viruses, and use an up-to-date
  virus scanner
- turn Java or ActiveX support off; it is possible to get Back Orifice installed
  through a web page
- some ISPs offer the possibility of adding a filter; think about it
- install a program to detect and remove BO. Always download from reliable
  pages, such as your ISP's, and be careful with unknown sites (cleaners and
  detectors can be found in Downloads)
- the program BOsniffer, meant to remove BO, does the opposite


Back Orifice.....The Deadly Backdoor was written by Catz_Eyes©, 1998