Back Orifice 2000 (often shortened to BO2k) is a computer program designed for remote system administration. It enables a user to control a computer running the Microsoft Windows operating system from a remote location. The name is a pun on Microsoft BackOffice Server software.
BO2k debuted on July 10, 1999, at DEF CON 7, a computer security convention in Las Vegas, Nevada. It was originally written by Dildog, a member of US hacker group Cult of the Dead Cow. It was a successor to the cDc's Back Orifice remote administration tool, released the previous year. , BO2k was being actively developed.
Whereas the original Back Orifice was limited to the Windows 95 and Windows 98 operating systems, BO2k also supports Windows NT, Windows 2000 and Windows XP. Some BO2k client functionality has also been implemented for Linux systems. In addition, BO2k was released as free software, which allows one to port it to other operating systems.
Plugins
BO2k has a plugin architecture. The optional plugins include:
* communication encryption with AES, Serpent, CAST-256, IDEA or Blowfish encryption algorithms
* network address altering notification by email and CGI
* total remote file control
* remote Windows registry editing
* watching the desktop remotely by streaming video
* remote control of both the keyboard and the mouse
* a chat, allowing the administrator to talk with users
* option to hide things from the system (rootkit behavior, based on FU Rootkit)
* accessing systems hidden by a firewall (the administrated system can form a connection outward to the administrator's computer. Optionally, to escape even more connection problems, the communication can be done by a web browser the user uses to surf the web.)
* forming connection chains through a number of administrated systems
* client-less remote administration over IRC
* on-line keypress recording
Controversy
Back Orifice and Back Orifice 2000 are widely regarded as malware, tools intended to be used as a combined rootkit and backdoor. For example, at present many antivirus software packages identify them as Trojan horses. This classification is justified by the fact that BO2k can be installed by a Trojan horse, in cases where it is used by an unauthorized user, unbeknownst to the system administrator.
There are several reasons for this, including: the association with cDc; the tone of the initial product launch at DEF CON (including that the first distribution of BO2k by cDc was infected by the CIH virus); the existence of tools (such as "Silk Rope") designed to add BO2k dropper capability to self-propagating malware; and the fact that it has actually widely been used for malicious purposes. The most common criticism is that BO2k installs and operates silently, without warning a logged-on user that remote administration or surveillance is taking place. According to the official BO2k documentation, the person running the BO2k server is not supposed to know that it is running on their computer.
BO2k developers counter these concerns in their "Note on Product Legitimacy and Security", pointing out, among other things, that some remote administration tools widely recognized as legitimate also have options for silent installation and operation.
See also
* Sub7
* MiniPanzer and MegaPanzer
* File binder