third wave

by robert d. mcrae

 

Hackers Find The Back Orifice

     Perhaps it was fitting that cyber-gossipist Matt Drudge broke the story of a new cyber-threat.

     The July 30, 1999, "Drudge Report" reported that "computer giants Microsoft and Compaq admitted on Friday that Internet pirates and pranksters now have the ability to damage millions of computers worldwide via e-mail or through commands sent from a malicious Web site." According to the next day’s edition of the New York Times, Microsoft and Compaq blamed "several significant security flaws" for this problem.

     In fact, the problem isn’t really a security flaw but rather is inherent to the design of Windows 95/98. Both versions of Windows are designed to operate in a network environment and, as such, have built-in facilities that allow hackers access to your machine.

     Unless you make it your business to stay abreast of Internet security problems, you have probably never heard of Back Orifice. Back Orifice (a pun on the name of "Back Office," a legitimate network management tool) is a program that can give uninvited guests access to and control of your computer by way of its Internet link. Orifice runs on Windows 95/98 systems and gives a remote user administrator privileges to your computer.

     Back Orifice was released by the Cult of the Dead Cow, self-described as the most influential group of hackers in the world (http://www.cultdeadcow.com), in August of 1998.

     By some indications, over 100,000 people have downloaded the program since then, and the number of Orifice sites is growing daily. Experts fear that its full potential for harm still hasn’t been realized.

     While it is not a virus, Back Orifice arrives at your computer in the same manner as a virus, attached to another program or file. Once it gets there, the program can be launched and run by a remote operator. There are no outward signs that the program is running on your computer, but once it is running, your system is easily accessed any time you connect to the Internet.

     At present there is no antivirus tool that can reliably prevent the installation of Back Orifice or reliably remove it once installed. Both Symantec’s Norton AntiVirus and McAfee’s anti-virus programs detect Back Orifice, but neither removes it when it is running. Common sense is the best defense. Don’t install and run just any program that’s sent to you. If you don’t know the person sending you the file or if you suspect that it has been passed on without much scrutiny, don’t install it.

     There is one surefire way to determine if Back Orifice is installed on your system. An entry in the Windows registry file allows Back Orifice to be invoked at startup.

     The most complete site for information on Back Orifice (http://www.bardon.com/boelimbyhand.htm) includes information on how to remove that entry from the registry file. The site also contains additional information on Back Orifice, how it is used, and other services to protect your computer from it.

     Detecting and removing Back Orifice from your system is relatively easy. Internet Security Systems’s Web site (http://www.iss.net/xforce/alerts/advise5.html) has the necessary technical facts in its security alert advisory on Back Orifice.

     Remember: The best defense against an infected computer is a healthy fear of downloading or running programs unless you are 100 percent sure that they are trustworthy. The best rule of thumb is: When in doubt — don’t.

Robert D. McRae is senior vice president and information services director for Associated Industries of Florida (e-mail: rmcrae@aif.com).


September/October 1999 -- Florida Business Insight, PO Box 784, Tallahassee, Fla. 32302
(850)224-7173, insight@aif.com

 

