Symantec Posts Definition Against Back Orifice
Symantec Antivirus Research Centre (SARC) Posts Definition Against Back Orifice 2000
SARC has received a sample of Back Orifice 2000 - a program which modifies a user's system without their knowledge and allows others to gain full access to a computer system. This is the second release of the Back Orifice Trojan from the hacking group, "Cult of the Dead Cow".
Symantec Norton AntiVirus users can protect themselves from this trojan by downloading the current virus definitions today either through Norton AntiVirus LiveUpdate or from the following web page: http://www.symantec.com/avcenter/download.html
The new definition will update servers and workstations without the need to reboot.
Back Orifice 2000 is a backdoor trojan program. It is not classified as a virus because it does not replicate into other programs. Recipients of this trojan will receive the file as an .exe file (possibly called BO2k.exe). Back Orifice 2000 is purported to allow remote control of a PC over several protocols (the original Back Orifice worked over TCP/IP only) without the knowledge of the PC user, giving access to files and screen shots and creating log files of user activity. BO2k will function on Windows 95/98 and Windows NT.
It should be noted that an alleged fix for the first release of Back Orifice was circulated around the Internet last year by the Cult of the Dead Cow, although this also contained the Back Orifice Trojan.
This Trojan can be spread in numerous ways, but the most likely is by an email with an .exe file attachment. The attachment could be called anything and could come from an email address known to you or not. The receiver of an email that contains the .exe file cannot be infected if they do not open the emailed attachment. It is also important to note that companies with correctly configured firewalls are not at risk of losing company information from the use of this tool.
For further information regarding Back Orifice 2000, please visit the SARC: www.sarc.com