Back Orifice 2000

Back Orifice 2000
Screenshot of BO2k client
Developer(s)	Dildog (cDc) (original code) BO2k Development Team (current maintenance)
Stable release	1.1.6 (Windows), 0.1.5 pre1 (Linux) / March 21, 2007
Operating system	Microsoft Windows, Linux-systems (client only)
Type	Remote administration
License	GPL
Website	BO2k development site

Back Orifice 2000 (often shortened to BO2k) is a computer program designed for remote system administration. It enables a user to control a computer running the Microsoft Windows operating system from a remote location. The name is a pun on Microsoft BackOffice Server software.

BO2k debuted on July 10, 1999 at DEF CON 7 computer security convention in Las Vegas, Nevada. It was originally written by Dildog, a member of US hacker group Cult of the Dead Cow. It was a successor to the cDc's Back Orifice remote administration tool, released the previous year. As of 2007^[update], BO2k is being actively developed.

Whereas the original Back Orifice was limited to the Windows 95 and Windows 98 operating systems, BO2k also supports Windows NT, Windows 2000 and Windows XP. Some BO2k client functionality has also been implemented for Linux-systems. In addition, BO2k was released as free software, which allows one to port it to other operating systems.

1 Plugins
2 Controversy
3 References
4 External links

Plugins

BO2k has a plugin architecture. The optional plugins include

communication encryption with AES, serpent, CAST-256, IDEA or Blowfish encryption algorithms
network address altering notification by email and cgi
total remote file control
remote Windows registry editing
watching at the desktop remotely by streaming video
remote control of both the keyboard and the mouse
a chat, allowing administrator to discuss with users
option to hide things from system (rootkit behaviour, based on FU Rootkit)
accessing systems hidden by a firewall (the administrated system can form a connection outward to the administrators computer. Optionally, to escape even more connection problems, the communication can be done by a web browser the user uses to surf the web.)
forming connection chains through a number of administrated systems
client-less remote administration over IRC
on-line keypress recording.

Controversy

Back Orifice and Back Orifice 2000 are widely regarded as malware, tools intended to be used as a combined rootkit and backdoor. For example at present many antivirus softwares identify them as trojan horses.^[1]^[2]^[3]^[4]^[5] This classification is justified by the fact that BO2k can be installed by a trojan horse, in cases where it is used by an unauthorized user, unbeknownst to the system administrator. System administrators should ignore the alerts when they are using BO2k for administration of their system.

There are several reasons for this, including: the association with cDc; the tone of the initial product launch at Def Con '99^[6] (including that the first distribution of BO2k by cDc was infected by the CIH virus^[7]); the existence of tools (such as "Silk rope"^[8]) designed to add BO2k dropper capability to self-propagating malware; and the fact that it has actually widely been used for malicious purposes.^[9]^[10]^[11] The most common criticism is that BO2k installs and operates silently, without warning a logged-on user that remote administration or surveillance is taking place.^[12] According to the official BO2k documentation, the person running the BO2k server is not supposed to know that it is running on his computer.^[13]

BO2k developers counter these concerns in their Note on Product Legitimacy and Security, pointing out—among other things—that some remote administration tools widely recognized as legitimate, also have options for silent installation and operation.

References

^ Symantec press release, dated 12 July 1999, accessed 8 August 2006
^ ISS press release, dated 13 July 1999, accessed 8 August 2006
^ Trend Micro press release, dated 12 July 1999, accessed 8 August 2006
^ CA threat description, dated 30 November 2005, accessed 8 August 2006
^ F-secure threat description, accessed 8 August 2006
^ CNN.com report "Bad rap for Back Orifice 2000?", dated 21 Jul 1999, accessed 8 August 2006
^ ZDNet news "Back Orifice CDs infected with CIH virus", dated 14 July 1999, accessed 8 August 2006
^ Trend Micro threat description, dated 14 July 2000, accessed 8 August 2006
^ Insecure.org mailing list archive, Rik van Riel report dated 3 October 2000, accessed 8 August 2006
^ Security Focus "Airport PCs stuffed with meaty goodness", dated 21 September 2005, accessed 8 August 2006
^ Microsoft Security Administrator article "Danger: Remote Access Trojans", September 2002 edition, accessed 8 August 2006
^ Bruce Schneier's Crypto-Gram Newsletter, dated 15 August 1999, accessed 8 August 2006
^ Official BO2k Documentation: Basic Setup

External links

Remote administration software

General	Remote desktop software Comparison of remote desktop software

Implementations	Absolute Manage AetherPal Apple Remote Desktop Back Orifice Back Orifice 2000 Citrix XenApp Crossloop DameWare Mini Remote Control NetBus Netop Remote Control NetSupport Manager pcAnywhere Radmin RealVNC Remote Desktop Services Remote Utilities Secure Shell Sub7 System Center Configuration Manager TeamViewer TightVNC Timbuktu UltraVNC Virtual Network Computing

Cult of the Dead Cow

People	Grandmaster Ratte' • Oxblood Ruffin • Dildog • Mudge • Lord Digital • Mixter • ioerror

Tools	Back Orifice • Back Orifice 2000 • NBName • SMBRelay • XeroBank Browser

Related Articles	Hacktivismo • Hacktivismo Enhanced-Source Software License Agreement • Demon Roach Underground • HoHoCon

Associated Organizations	L0pht • Mindvox • Legion of Doom • Masters of Deception • YIPL/TAP • Soylent Communications • Sacrament of Transition • ACiD Productions • Soulz at Zero

Back Orifice 2000

Contents

Plugins

Controversy

References

External links