
Tuesday, July 13, 1999 Published at 10:45 GMT 11:45 UK


Sci/Tech

Back Orifice is child's play, say virus firms

Back Orifice 2000 was launched at Def Con 7 in Las Vegas

By Internet Correspondent Chris Nuttall

Internet virus-detection firms say they have easily cracked a program released by hackers at the weekend that is designed to break into computer systems, exposing security flaws in Microsoft software.

UK-based Sophos said it took an hour to write a detector for Back Orifice 2000 (BO2K) while Internet Security Systems (ISS) of Atlanta, Georgia, said its X-Force team led by Christopher Rouland had decoded the protocols and encryption algorithms within 24 hours.

Contributors to a discussion on the Slashdot Weblog pointed out that the code had been made simple to analyse anyway as it was "open source" and the hackers had made their point.

Earlier, BO2K's programmers, members of the "Cult of the Dead Cow", had poured scorn on Rouland's attempts to acquire a beta release of the software.

"We are gladly willing to provide you with the software you desire if and only if you will, in exchange, grant us one million dollars and a monster truck," they said in a message on their Website.

BO2K threatens Windows NT

BO2K was launched at the seventh annual Def Con convention, a hackers' conference held in Las Vegas. It came a year after Cult of the Dead Cow released the original version of Back Orifice, a pun on Microsoft's Back Office.


[Image: Rouland: $1m upfront charges]

The remote access program could be downloaded by would-be hackers, or crackers as they are more accurately known, to enable them to control other network- or Internet-linked computers.

Victims could be duped into installing a client program on their machines by running an e-mail attachment or downloading the program under a different name.

The BO2K update gives users more power to control networks running Windows NT.

'Just kids playing games'

But Graham Cluley, senior technology consultant with Sophos, said: "No-one got hit by it a year ago and we think it's going to be a complete non-issue now.

"We are rather underwhelmed by BO2K. They locked themselves in a room for six months to create this and it took us just an hour to write a detector for it.

"What's more, some of the CDs of the software they were distributing at the conference were infected with the CIH Chernobyl virus, so maybe they should look closer to home and their own security issues. [cDc have denied disks they personally distributed were infected]

"This is just a regular 'Trojan Horse' program. It's rather buggy and these are not the security professionals they are claiming to be, they are just kids playing games."

Microsoft issues warning

In a tongue-in-cheek press release announcing BO2K, its creators had warned:

"Unfortunately for Microsoft, Back Orifice 2000 could bring pressure on the software leviathan to finally implement a security model in their Windows operating system. Failure to do so would leave customers vulnerable to malicious attacks from crackers using tools that exploit Windows' breezy defences."

Microsoft has already released a security bulletin warning users not to open files sent to them unless they are sure of the source and not to leave their computers unlocked and without up-to-date anti-virus software.

It denied that the software exploited security vulnerabilities in versions of the Windows Operating System:

"Trojan horse software doesn't target technology, it targets the user. If Back Orifice did in fact exploit security vulnerabilities in Windows or Windows NT, Microsoft would promptly fix the vulnerability, and Back Orifice would be stopped," it said.

"Instead, the makers of Back Orifice realised it is easier to target people and trick them into running harmful software than it is to target the technology."

Program could redirect traffic

ISS claimed it was the first to develop countermeasures for BO2K, although other security firms such as Sophos, Symantec and Network Associates were also posting advisories and updates to their anti-virus software.

ISS warned the program could easily be used to delete files, reconfigure machines, steal passwords and redirect network traffic, without a user or administrator's knowledge.

Crackers often reason that they are performing a service in breaking into Websites and networks because they expose security flaws.

Cult of the Dead Cow describes itself as "the most influential group of hackers in the world". "Formed in 1984, the cDc has published the longest running e-zine on the Internet, traded opinions with large software companies, and entered numerous dance competitions."


