ad info
   personal technology

 custom news
 Headline News brief
 daily almanac
 CNN networks
 CNN programs
 on-air transcripts
 news quiz

CNN Websites
 video on demand
 video archive
 audio on demand
 news email services
 free email accounts
 desktop headlines

 message boards




PC World

Back Orifice 2000 under control

The evil and traumatic side of Windows NT

July 15, 1999
Web posted at: 9:35 a.m. EDT (1335 GMT)

by David Needle

(IDG) -- "We have it under control." That was the message from antivirus vendors responding to Back Orifice 2000, the new Trojan horse.

"There is no panic. It hasn't been out there long enough, and we don't anticipate it's going to be a problem for our customers," said Darren Kessner, a senior virus researcher at Symantec's antivirus research center.

When BO2K, as the program is also known, was released last Saturday, Symantec put a team of engineers and others to analyze the virus. They developed a fix by Sunday morning. Competitors such as Network Associates and smaller players such as Moosoft Development also responded quickly with antidotes to the BO2K, which are available at each company's Website.

Danger still looms

While there are a range of preventable options and fixes in place, BO2K can pose a serious threat if undetected. The program is usually distributed as an attachment via e-mail. The attachment could be named something innocuous such as joke.exe. But when executed, BO2K turns control of the desktop system over to a remote user who can view, delete, or change files.

BO2K was released last Saturday at the DefCon VII computer show in Las Vegas. Because the source code for BO2K was released publicly, security experts are also concerned more pernicious variations of the virus may inevitably be developed.
  PC World home page
  FileWorld find free software fast
  Make your PC work harder with these tips
 Reviews & in-depth info at
 *'s desktop PC page's portable PC page's Windows software page's personal news page
  Year 2000 World
  Questions about computers? Let's editors help you
  Subscribe to's free daily newsletter for computer geniuses (& newbies)
  Search in 12 languages
 News Radio
 * Fusion audio primers
 * Computerworld Minute

Windows NT has earned a reputation for being more secure than Microsoft's other desktop operating systems, Win 95 and 98, but is still vulnerable--as are most, if not all operating systems--to Trojan horses.

"Back Orifice 2000 is not technically a virus because it does not self-replicate or propagate," said a Network Associates advisory.

The company's antivirus emergency response team rates BO2K as a "medium" threat due to its destructive qualities, wide exposure and availability, balanced by relatively few outbreaks at customer sites and widespread advance notice of BO2K.

Protect yourself

"The most important thing users can do is to not to run attachments you aren't sure about," said Symantec's Kessner.

BO2K is "something very standard, that we've dealt with for a long time," adds Kessner. "It's no greater threat than earlier Trojan horses."

Most antivirus vendors also offer 30-day free trial versions of their software from their Website for download. The Network Associates site will also scan your system for BO2K.

But probably the most inexpensive full-blown solution comes from Moosoft, which specializes in solutions to Trojan horse programs. Moosoft's The Cleaner, Version 2.1, is available for download at $19.95, and scans for and eliminates BO2K files. The company also offers a 30-day free trial.

Moosoft has identified 128 Trojan horse programs handled by The Cleaner, and claims the fastest scan engine in the industry, according to company spokesman Robert Dyke. The Cleaner scans files, drives or directories as specified by the user, though it does not operate in the background to automatically check as the more expensive programs from Symantec and Network Associates do.

PC lock-down

Another line of defense against BO2K is ZoneAlarm, from Zone Labs, which the company released Tuesday as a free adjunct to antivirus software for Win 95, 98, NT and 2000. ZoneAlarm prompts users for permission any time a program coming from the Internet tries to install itself on the user's PC.

Another feature called Internet Lock prevents all applications from sending or receiving data unless authorized by the user. ZoneAlarm also includes an Automatic Lock feature that secures the PC anytime a screen saver is activated or after a specified period of inactivity.

"While firewalls, antivirus programs, and intrusion-detection applications provide a high level of security for connected PCs, they cannot prevent a rogue program that slips by these defenses from stealing information and transmitting it over the Internet," said Zone Labs President Gregor Freund. "The ZoneAlarm Internet security utility provides an additional and crucial level of security by letting users control and monitor Internet access on a per-application basis in real time."

Insurgency on the Internet

New and improved Back Orifice targets Windows NT
July 7, 1999
FBI on offensive in 'cyber war,' raiding hackers' homes
June 24, 1999

Hack-a-thon demos the latest chaos
(PC World Online)
Companies brace for Trojan Horse
(PC World Online)
Hacker tool targets Windows NT
(PC World Online)
Hackers gather in Vegas
(PC World Online)
Hacker group tries to convince world its Back Orifice tool is legit
(Network World Fusion)
BackOrifice 2000 released with great fanfare at DefCon
(InfoWorld Electric)
Remedies online for Back Orifice 2000
Note: Pages will open in a new browser window
External sites are not endorsed by CNN Interactive.

Symantec Antivirus Research Center
Norton Antivirus
Network Associates
Moosoft Development
Zone Labs
Note: Pages will open in a new browser window
External sites are not endorsed by CNN Interactive.
Enter keyword(s)   go    help

Back to the top   © 2001 Cable News Network. All Rights Reserved.
Terms under which this service is provided to you.
Read our privacy guidelines.