Symantec Antivirus Research Centre (SARC) Posts Definition Against Back Orifice 2000
SARC has received a sample of Back Orifice 2000 - a program which modifies a user's system without their knowledge and
allows others to gain full access to a computer system. This is the second release of the Back Orifice Trojan from the
hacking group, "Cult of the Dead Cow".
Symantec Norton AntiVirus users can protect themselves from this trojan by downloading the current virus definitions
today either through Norton AntiVirus LiveUpdate or from the following web page:
http://www.symantec.com/avcenter/download.html
The new definition will update servers and workstations without the need to reboot.
Back Orifice 2000 is a backdoor trojan program. It is not classified as a virus because it does not replicate into other
programs. Recipients of this trojan will receive the file as an .exe file (possibly called BO2k.exe). Back Orifice 2000
is purported to allow remote control of a PC over several protocols (the original Back Orifice worked over TCP/IP only)
without the knowledge of the PC user, giving access to files and screen shots and creating log files of user activity. BO2k
will function on Windows 95/98 and Windows NT.
It should be noted that an alleged fix for the first release of Back Orifice was circulated around the Internet last
year by the Cult of the Dead Cow, although it too contained the Back Orifice Trojan.
This Trojan can be spread in numerous ways, but the most likely is an email with an .exe file attachment. The
attachment could be called anything and could come from an email address known to you or not. The receiver of an email
that contains the .exe file cannot be infected if they do not open the emailed attachment. It is also important to note
that companies with correctly configured firewalls are not at risk of losing company information from the use of this
tool.
For further information regarding Back Orifice 2000 please visit the SARC: www.sarc.com