Back Orifice Download


Security Bulletin

Information on the 'Back Orifice' Program


Published: August 04, 1998 | Updated: August 12, 1998

Version: 1.2

Last Revision: August 12, 1998

Summary

On July 21, a self-described hacker group known as the Cult of the Dead Cow released a program called 'Back Orifice,' and suggested that users of the Microsoft® Windows® operating system were somehow at risk from unauthorized attacks. Microsoft takes security seriously, and has issued this bulletin to advise customers that users of Windows 95 and Windows 98 following safe computing practices (including not installing software from unknown and untrusted sources) are not at risk. Additionally, users of the Microsoft Windows NT® operating system and the Microsoft BackOffice® suite of products are not threatened in any way by this tool, because it does not even run on Windows NT Server.

The Claims About 'Back Orifice'

It is unclear from the author's statements what 'Back Orifice' is intended to do. In the press release that accompanied its release, 'Back Orifice' is alternately described as an administrative tool or as something that demonstrates some security vulnerability in the Windows platform.

The author claims the program can be used for purposes such as:

  • Remotely controlling and monitoring a computer running Windows
  • Reading everything that the user types at the keyboard
  • Capturing images that are displayed on the monitor
  • Uploading and downloading files remotely
  • Redirecting information to a remote Internet site

It is important to understand that programs allowing users to remotely control their computer should be installed with caution because they have the potential to be misused. Users should not install such types of programs from unknown bulletin boards or hacker web sites. There are many well-supported commercial tools from reputable vendors that provide this functionality to users today.

The Truth About 'Back Orifice'

'Back Orifice' does not expose or exploit any security issue regarding Windows, Windows NT, or the Microsoft BackOffice suite of products.

As far as demonstrating an inherent security vulnerability in the Windows platform, this is simply not true. 'Back Orifice' could introduce security vulnerabilities in the system on which it is installed, but, as with all other software, a user must make the choice to install it. Anytime users install software from unknown or untrusted sources, they risk compromising their system.

Based on our investigation of this program, it is our understanding that in order for 'Back Orifice' to introduce a security vulnerability on a system, a very specific chain of events must occur:

  • The user must deliberately install, or be tricked into installing, the program on his or her machine.
  • The attacker must know the user's IP address.
  • The attacker must be able to directly connect to the user's computer. A properly configured firewall will prevent a direct connection and thus defeat a 'Back Orifice' attack.

What Does This Mean for Customers Running Windows 95 and Windows 98?

Windows 95 and Windows 98 offer security features tailored to match consumer computer use. This consumer design center balances security, ease of use, and freedom of choice. The security features in Windows 95 and Windows 98 enable consumers to create a safe computing environment for themselves while preserving their freedom to choose which sites they visit and what software they download. However, neither operating system is designed to be resistant to all forms and intensities of attacks. The 'Back Orifice' program is a good example of why consumers need to be careful about accessing, downloading and installing software from the Internet. Users should prevent the installation of potentially dangerous software, including software from untrusted sources, by following good practices such as not downloading 'unsigned' programs. Corporations and ISPs should insulate themselves from direct connection to the Internet with proxy servers or firewalls, and should consider blocking unsigned programs at the firewall. Users who follow reasonable and safe Internet computing practices, such as not installing software from unknown and untrusted sources, are unlikely to be affected by the 'Back Orifice' tool. However, consumers whose computing needs require a higher level of security should consider Windows NT Server.

What Does This Mean For Customers Running Windows NT Server?


There is no threat to customers of Windows NT Workstation or Windows NT Server because the program does not run on the Windows NT platform. The authors of 'Back Orifice' do not directly claim that their product poses any threat to Windows NT Server, even though it seems to be implied.

What Customers Should Do

Customers do not need to take any special precautions against external 'attacks' from this program, since it would need to be installed on their system before any vulnerabilities could be created. However, customers should ensure that they follow all of the normal precautions regarding safe computing:

  • Customers should keep their software up to date and should never install or run software from unknown sources -- this applies both to software available on the Internet and sent via e-mail. Reputable software vendors digitally sign their software available on the Internet to verify its authenticity and safety.
  • Corporate administrators can block software that is not digitally signed by a reputable or authorized software company at their proxy server or firewall.
  • Customers should keep their software up to date to ensure that hackers cannot take advantage of known issues.
  • Companies should actively use auditing and monitor their network usage to deter and prevent insider attacks.
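
The advice above to accept only digitally signed software can be checked mechanically. The following is an added example, not part of the bulletin: it uses the `Get-AuthenticodeSignature` cmdlet from current Windows PowerShell (which postdates this bulletin) to sort downloaded binaries into allow, review and block. The folder path, the publisher pattern and the function name `Get-SignatureVerdict` are assumptions chosen for illustration.

```powershell
# Added example (not from the bulletin): classify downloaded binaries by
# Authenticode signature before anyone runs them.
# $DownloadDir and $TrustedPublishers are hypothetical, constructed values.
param(
    [string]$DownloadDir = "$env:USERPROFILE\Downloads",
    [string[]]$TrustedPublishers = @('CN=Example Software Vendor*')
)

function Get-SignatureVerdict {
    param(
        [Parameter(Mandatory)][string]$Path,
        [string[]]$Publishers = @()
    )
    $sig     = Get-AuthenticodeSignature -LiteralPath $Path
    $subject = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { '' }

    # 'Valid' means the signature verified on this system. Every other status
    # (NotSigned, HashMismatch, NotTrusted, UnknownError, ...) is blocked.
    $verdict = 'Block'
    if ($sig.Status.ToString() -eq 'Valid') {
        # A valid signature only proves who signed the file; the signer must
        # also be a publisher the organisation has decided to trust.
        $known   = @($Publishers | Where-Object { $subject -like $_ })
        $verdict = if ($known.Count -gt 0) { 'Allow' } else { 'Review' }
    }

    [pscustomobject]@{
        File    = $Path
        Status  = $sig.Status
        Signer  = $subject
        Verdict = $verdict
    }
}

Get-ChildItem -Path $DownloadDir -Recurse -File -Include *.exe, *.dll, *.msi, *.scr |
    ForEach-Object { Get-SignatureVerdict -Path $_.FullName -Publishers $TrustedPublishers } |
    Sort-Object Verdict |
    Format-Table -AutoSize -Wrap
```

A `Review` verdict marks a file whose signature is intact but whose signer is not on the approved list, which is the case a signed-or-unsigned rule alone does not settle.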

More Information

The following sources provide additional information about this issue:

  • ISS Security Alert Advisory, 'Cult of the Dead Cow Back Orifice Backdoor' http://www.iss.net/xforce/alerts/advise5.html

Revisions

  • August 4, 1998: Bulletin Created
  • August 7, 1998: Bulletin Updated, minor changes and additional links
  • August 12, 1998: Bulletin Updated with more information on Windows 95 and Windows 98

For additional security-related information about Microsoft products, please visit http://www.microsoft.com/technet/security

THE INFORMATION PROVIDED IN THE MICROSOFT KNOWLEDGE BASE IS PROVIDED 'AS IS' WITHOUT WARRANTY OF ANY KIND. MICROSOFT DISCLAIMS ALL WARRANTIES, EITHER EXPRESS OR IMPLIED, INCLUDING THE WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. IN NO EVENT SHALL MICROSOFT CORPORATION OR ITS SUPPLIERS BE LIABLE FOR ANY DAMAGES WHATSOEVER INCLUDING DIRECT, INDIRECT, INCIDENTAL, CONSEQUENTIAL, LOSS OF BUSINESS PROFITS OR SPECIAL DAMAGES, EVEN IF MICROSOFT CORPORATION OR ITS SUPPLIERS HAVE BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. SOME STATES DO NOT ALLOW THE EXCLUSION OR LIMITATION OF LIABILITY FOR CONSEQUENTIAL OR INCIDENTAL DAMAGES SO THE FOREGOING LIMITATION MAY NOT APPLY.



Risk Level: LOW

Threat Name: Back Orifice
Threat Family: Back Orifice
Type: Trojans
Subtype: Trojans
Date Discovered:
Length: 124 bytes

What is Back Orifice?

Back Orifice is a trojan that comes hidden in malicious programs. Once you install the source (carrier) program, this trojan attempts to gain 'root' access (administrator level access) to your computer without your knowledge.

Trojans like Back Orifice are difficult to detect because they hide themselves by integrating into the operating system. Once it infects your computer, Back Orifice executes each time your computer boots and attempts to download and install other malicious files. Upon successful execution, it deletes the source program, making it more difficult to detect.

What are Trojans?

Trojans are one of the most dangerous and widely circulated strains of malware. A trojan disguises itself as a useful computer program and induces you to install it. By the time that you discover that the program is a rogue trojan and attempt to get rid of it, a lot of damage has already been done to your system.

The intent of a trojan is to disrupt the normal functionality of a computer, gradually stopping it from working altogether. Trojans can make genuine software programs behave erratically and slow down the operating system. Trojans can delete files, monitor your computer activities, or steal your confidential information. They can enable attackers to have full access to your computer… as if they are physically sitting in front of it.