Hacker tool targets Windows NT
- 06 July, 1999 21:49
From the group that brought us the hacking tool Back Orifice will be a new release -- Back Orifice 2000, which is claimed to be smaller, nimbler and twice as nefarious.
The hacker group the Cult of the Dead Cow created and released the program Back Orifice last year to the general public at the Las Vegas hacker and security conference DEF CON. The program allows its users to remotely control victims' desktops, potentially undetected.
At this year's conference, on July 9, the cult will outdo itself and release Back Orifice 2000, says a member who goes by the pseudonym Sir Dystic. "We want to raise awareness to the vulnerabilities that exist within the Windows operating system. We believe the best way to do this is by pointing out its weaknesses."
Unlike earlier versions that affected consumers and small businesses, Back Orifice 2000 hits large organisations because it runs on Windows NT systems, which are more used by businesses. Also, the updated program is modular, so users can add additional functions. For example, they could hide files or activate a computer's microphone for real-time audio monitoring, according to Cult of the Dead Cow.
Back Orifice 2000 will also be more difficult to detect via network monitoring programs, according to Sir Dystic. This is because the program can communicate back to the sender by using a variety of different protocols, making it hard to identify.
The group also says it will make the source code available for Back Orifice 2000, which will likely spawn multiple strains of the program in the hacker community, experts say.
Another purported function is real-time keystroke-logging, which can record and transmit a record of every keystroke of an infected computer. Also, the recipient can view the desktop of a targeted computer in real time.
It should be noted that PC World has no independent confirmation that new Back Orifice 2000 program actually lives up to the claims of Cult of the Dead Cow.
"We will be closely monitoring DEF CON to see what Back Orifice 2000 has in store for us," says Andrew Maguire, a product manager with Network Associates, which markets security and antivirus products. The company promises to provide customers with software protection for Back Orifice 2000, as it did with the original Back Orifice, if and when the program is released.
In the past, Microsoft has downplayed the risk of Back Orifice. The program poses no threat to users who follow what the company considers safe computing practices, according to the company.
Back Orifice 2000 is classified as a Trojan horse program. These programs are generally destructive and are hidden inside e-mail attachments, games, utilities, or any executable application. When run, a Trojan horse tries to do something harmful to your computer under the pretence of being useful.
Security experts are worried about the proliferation of easy-to-use software tools that make it simpler for inexperienced hackers to break into sites. These so-called script kiddies, who use ready-made hacking software downloaded from the Internet, are creating a diversion from attacks made by more serious hackers, say experts.
Thousands of hacking programs are available on the Internet. Back Orifice is simply the most famous, Maguire says.
It's difficult to estimate how much damage hackers actually do. Some experts suggest it is overstated by a computer industry eager to sell safety services. Also, experts estimate 80 per cent of hacking comes from within a corporation rather than from outside attacks.
The upside of the teeming thousands of amateur hackers is that their prodigious efforts to hack into sites have forced software companies to provide security plugs and repairs to targeted software flaws, Cohen says.