Back Orifice 2000 under control
July 15, 1999
by David Needle
(IDG) -- "We have it under control." That was the message from antivirus vendors responding to Back Orifice 2000, the new Trojan horse.
"There is no panic. It hasn't been out there long enough, and we don't anticipate it's going to be a problem for our customers," said Darren Kessner, a senior virus researcher at Symantec's antivirus research center.
When BO2K, as the program is also known, was released last Saturday, Symantec put a team of engineers and others to analyze the virus. They developed a fix by Sunday morning. Competitors such as Network Associates and smaller players such as Moosoft Development also responded quickly with antidotes to the BO2K, which are available at each company's Website.
Danger still looms
While there are a range of preventable options and fixes in place, BO2K can pose a serious threat if undetected. The program is usually distributed as an attachment via e-mail. The attachment could be named something innocuous such as joke.exe. But when executed, BO2K turns control of the desktop system over to a remote user who can view, delete, or change files.
BO2K was released last Saturday at the DefCon VII computer show in Las Vegas. Because the source code for BO2K was released publicly, security experts are also concerned more pernicious variations of the virus may inevitably be developed.
Windows NT has earned a reputation for being more secure than Microsoft's other desktop operating systems, Win 95 and 98, but is still vulnerable--as are most, if not all operating systems--to Trojan horses.
"Back Orifice 2000 is not technically a virus because it does not self-replicate or propagate," said a Network Associates advisory.
The company's antivirus emergency response team rates BO2K as a "medium" threat due to its destructive qualities, wide exposure and availability, balanced by relatively few outbreaks at customer sites and widespread advance notice of BO2K.
"The most important thing users can do is to not to run attachments you aren't sure about," said Symantec's Kessner.
BO2K is "something very standard, that we've dealt with for a long time," adds Kessner. "It's no greater threat than earlier Trojan horses."
Most antivirus vendors also offer 30-day free trial versions of their software from their Website for download. The Network Associates site will also scan your system for BO2K.
But probably the most inexpensive full-blown solution comes from Moosoft, which specializes in solutions to Trojan horse programs. Moosoft's The Cleaner, Version 2.1, is available for download at $19.95, and scans for and eliminates BO2K files. The company also offers a 30-day free trial.
Moosoft has identified 128 Trojan horse programs handled by The Cleaner, and claims the fastest scan engine in the industry, according to company spokesman Robert Dyke. The Cleaner scans files, drives or directories as specified by the user, though it does not operate in the background to automatically check as the more expensive programs from Symantec and Network Associates do.
Another line of defense against BO2K is ZoneAlarm, from Zone Labs, which the company released Tuesday as a free adjunct to antivirus software for Win 95, 98, NT and 2000. ZoneAlarm prompts users for permission any time a program coming from the Internet tries to install itself on the user's PC.
Another feature called Internet Lock prevents all applications from sending or receiving data unless authorized by the user. ZoneAlarm also includes an Automatic Lock feature that secures the PC anytime a screen saver is activated or after a specified period of inactivity.
"While firewalls, antivirus programs, and intrusion-detection applications provide a high level of security for connected PCs, they cannot prevent a rogue program that slips by these defenses from stealing information and transmitting it over the Internet," said Zone Labs President Gregor Freund. "The ZoneAlarm Internet security utility provides an additional and crucial level of security by letting users control and monitor Internet access on a per-application basis in real time."
New and improved Back Orifice targets Windows NT
RELATED IDG.net STORIES:
Hack-a-thon demos the latest chaos
Symantec Antivirus Research Center
|Back to the top||
© 2001 Cable News Network. All Rights Reserved.|
Terms under which this service is provided to you.
Read our privacy guidelines.