While hacker group Cult of the Dead Cow (CDC) held a press conference, announcing the release of Back Orifice 2000 (BO2K) to a throng of celebrants attending the DEFCON convention in Las Vegas, researchers were anxiously awaiting their own copy in order to provide users with a defense.
Consisting of a server and client application, BO2K is a backdoor trojan horse program that, once installed on a Windows-based system, allows remote access for monitoring and controlling activity. The program is a new version of Back Orifice released last year by the same group.
BO2K, however, not only does Windows, it now works with NT. This means, of course, that businesses — including e-commerce operations — could be impacted. The program is open-source, so there will possibly be multiple variations. Additionally, stronger encryption included with this new version will make it more difficult to detect.
BO2K spreads largely by way of e-mail contact, and thus has the potential to proliferate across the web in the manner of W32/ExploreZip.worm. Security experts advise a number of obvious measures that individuals and e-businesses can take to prevent infection, which include avoiding e-mail attachments — particularly from unfamiliar sources.
Users are also advised to configure proper security options when connected to the Internet with network file sharing enabled, to set e-mail client software security settings to high, and not to accept files from Internet chat systems. But if the worst-case scenario does occur — the program is designed to be invisible to the user — assistance is available.
As they have done with other recent virus-like threats that have spread online, utility software vendors — after receiving a copy of BO2K — raced to analyze it and post a solution on their Web sites. Symantec (Nasdaq: SYMC), for instance, quickly posted specific technical and removal notes through its AntiVirus Research Center.
Network Associates (Nasdaq: NETA) dispatched its Anti-Virus Emergency Response Team, which also promptly made protection available. Trend Micro and Internet Security Systems (Nasdaq: ISSX) are among the other companies that have responded to the threat.
One Million Dollars and A Monster Truck
Well before its weekend release into the wild, Microsoft had been actively campaigning against BO2K, while security and antivirus software vendors were communicating with CDC in an attempt to obtain advance copies to study.
CDC representative Reid Fleming sarcastically answered one such software company request: “we are willing to provide you with the software you desire if and only if you will, in exchange, grant us one million dollars and a monster truck.”
BO2K is a legitimate security administration tool for network analysis, according to CDC. Experts predictably dispute such claims. Members of CDC maintain that antivirus programs are inefficient, and that their own security solutions are currently in development.