Back Orifice 2000 allows complete remote administrative control
backdoor-bo2k (2343)
Description:
Back Orifice 2000 is one of many backdoor programs that attackers can use to access your computer system without your knowledge or consent. Back Orifice 2000 allows remote operation of infected Windows 95/98 and Windows NT computers. With the Back Orifice 2000 backdoor, an attacker can do the following:
- gather information about your network
- perform system commands
- reconfigure computers on your network
- redirect network traffic
Consequences:
Gain Access
Remedy:
The Back Orifice 2000 backdoor can be very difficult to remove manually because it is highly configurable, which makes it difficult to identify on your system. By default, the Back Orifice 2000 backdoor installs itself in the Windows system directory as the file UMGR32.EXE. On Windows NT, it installs a service listed as "Remote Administration Service." However, this default name can be changed. Refer to the steps below for using an antivirus program to remove the backdoor.
To use an antivirus program to remove the Back Orifice 2000 backdoor:
- If you do not have an antivirus program installed, download and install one of these virus scanners:
  - Norton AntiVirus: http://www.symantec.com/nav/indexA.html
  - McAfee VirusScan: http://software.mcafee.com/centers/download/
  - Trend Micro PC-Cillin: http://www.antivirus.com/pc-cillin/products/
- Run the antivirus program to scan your system for this backdoor. The virus scanner should find and remove the Back Orifice 2000 backdoor from your computer.
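The default file name and service name given above can also be checked against a file listing and `net start` output collected from a host. The following Python code is an added example, not part of the original advisory; the function names, the system directory names, and the sample data are constructed assumptions. Because the defaults can be changed, a miss is reported as inconclusive rather than clean.

```python
import ntpath

# Defaults stated in the advisory; a configured server may use other names.
DEFAULT_FILE = "umgr32.exe"
DEFAULT_SERVICE = "remote administration service"
# Assumption: usual system directory names on Windows 95/98 and Windows NT.
SYSTEM_DIRS = {"system", "system32"}

def check_files(paths):
    """Return (path, in_system_dir) for every path named like the default file."""
    hits = []
    for raw in paths:
        path = raw.strip()
        directory, name = ntpath.split(path)
        if name.lower() == DEFAULT_FILE:
            in_sysdir = ntpath.basename(directory).lower() in SYSTEM_DIRS
            hits.append((path, in_sysdir))
    return hits

def check_services(net_start_output):
    """Return service display names that match the default service name."""
    hits = []
    for line in net_start_output.splitlines():
        name = line.strip()
        if name.rstrip(".").lower() == DEFAULT_SERVICE:
            hits.append(name)
    return hits

def triage(paths, net_start_output):
    """Combine both checks; absence of the defaults proves nothing."""
    files = check_files(paths)
    services = check_services(net_start_output)
    verdict = "default-indicator-found" if files or services else "inconclusive"
    return {"verdict": verdict, "files": files, "services": services}

# Constructed sample data for illustration only.
SAMPLE_PATHS = [r"C:\WINNT\system32\UMGR32.EXE",
                r"C:\WINNT\system32\notepad.exe",
                r"C:\TEMP\umgr32.exe"]
SAMPLE_NET_START = """These Windows NT services are started:

   Alerter
   Remote Administration Service
   Workstation

The command completed successfully.
"""

if __name__ == "__main__":
    print(triage(SAMPLE_PATHS, SAMPLE_NET_START))
```

A hit outside the system directory (the second tuple element is `False`) does not match the default install location described above, but it still deserves a scan.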
References:
- Cult of the Dead Cow (cDc) Web site: Back Orifice 2000.
- Internet Security Systems Security Alert #31: Back Orifice 2000.
- Microsoft Security Bulletin: What Customers Should Know About 'BackOrifice 2000'.
- Symantec AntiVirus Research Center: BackOrifice2K.Trojan.
- Trend Micro Security Alert: Back Orifice 2000.
- CVE-1999-0660: A hacker utility, back door, or Trojan Horse is installed on a system, e.g. NetBus, Back Orifice, Rootkit, etc.
Platforms Affected:
- Microsoft Windows 95
- Microsoft Windows 98
- Microsoft Windows NT 4.0
Reported:
Jul 10, 1999
The information within this database may change without notice. Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. In no event shall the author/distributor (IBM Internet Security Systems X-Force) be held liable for any damages whatsoever arising out of or in connection with the use or spread of this information.
For corrections or additions please email xforce@iss.net
