Tuesday, July 13, 1999 Published at 10:45 GMT 11:45 UK
Back Orifice is child's play, say virus firms
Back Orifice 2000 was launched at Def Con 7 in Las Vegas
By Internet Correspondent Chris Nuttall
Internet virus-detection firms say they have easily cracked a program released by hackers at the weekend that is designed to break into computer systems, exposing security flaws in Microsoft software.
UK-based Sophos said it took an hour to write a detector for Back Orifice 2000 (BO2K) while Internet Security Systems (ISS) of Atlanta, Georgia, said its X-Force team led by Christopher Rouland had decoded the protocols and encryption algorithms within 24 hours.
Contributors to a discussion on the Slashdot Weblog pointed out that the code had been made simple to analyse anyway as it was "open source" and the hackers had made their point.
Earlier, BO2K's programmers, members of the "Cult of the Dead Cow", had poured scorn on Rouland's attempts to acquire a beta release of the software.
"We are gladly willing to provide you with the software you desire if and only if you will, in exchange, grant us one million dollars and a monster truck," they said in a message on its Website.
BO2K threatens Windows NT
BO2K was launched at the seventh annual Def Con convention, a hackers' conference held in Las Vegas. It came a year after Cult of the Dead Cow released the original version of Back Orifice, a pun on Microsoft's Back Office.
Victims could be duped into installing a client program on their machines by running an e-mail attachment or downloading the program under a different name.
The BO2K update gives users more power to control networks running Windows NT.
'Just kids playing games'
But Graham Cluley, senior technology consultant with Sophos, said: "No-one got hit by it a year ago and we think it's going to be a complete non-issue now.
"We are rather underwhelmed by BO2K. They locked themselves in a room for six months to create this and it took us just an hour to write a detector for it.
"What's more, some of the CDs of the software they were distributing at the conference were infected with the CIH Chernobyl virus, so maybe they should look closer to home and their own security issues. [cDc have denied disks they personally distributed were infected]
"This is just a regular 'Trojan Horse' program. It's rather buggy and these are not the security professionals they are claiming to be, they are just kids playing games."
Microsoft issues warning
In a tongue-in-cheek press release announcing BO2K, its creators had warned:
"Unfortunately for Microsoft, Back Orifice 2000 could bring pressure on the software leviathan to finally implement a security model in their Windows operating system. Failure to do so would leave customers vulnerable to malicious attacks from crackers using tools that exploit Windows' breezy defences."
Microsoft has already released a security bulletin warning users not to open files sent to them unless they are sure of the source and not to leave their computers unlocked and without up-to-date anti-virus software.
It denied that the software exploited security vulnerabilities in versions of the Windows Operating System:
"Trojan horse software doesn't target technology, it targets the user. If Back Orifice did in fact exploit security vulnerabilities in Windows or Windows NT, Microsoft would promptly fix the vulnerability, and Back Orifice would be stopped," it said.
"Instead, the makers of Back Orifice realised it is easier to target people and trick them into running harmful software than it is to target the technology."
Program could redirect traffic
ISS claimed it was the first to develop countermeasures for BO2K, although other security firms such as Sophos, Symantec and Network Associates were also posting advisories and updates to their anti-virus software.
ISS warned the program could easily be used to delete files, reconfigure machines, steal passwords and redirect network traffic, all without the user's or administrator's knowledge.
Crackers often reason that they are performing a service in breaking into Websites and networks because they expose security flaws.
Cult of the Dead Cow describes itself as "the most influential group of hackers in the world". Formed in 1984, the cDc has published the longest-running e-zine on the Internet, traded opinions with large software companies, and entered numerous dance competitions.