BOHICA Microsoft Back Orifice 2000 Available On Net 0630 Hrs 14 July 1999
For a while, people were beginning to wonder if it was vapourware. However, later rather than sooner, the binaries and source code for Back Orifice 2000 have been posted on the internet. Though they have not, at the time of writing, been posted on www.cultdeadcow.com or www.bo2k.com, mirror sites have been carrying versions of the code that was released at the Defcon show on Saturday.
A site in Denmark, phoz.dk, has posted both US and International versions of the binaries and source code. However, after being notified by Cancer Omega cDc that the export of strong crypto without an export licence was forbidden by the US government, the US files were pulled from phoz.dk.
According to some reports, the launch of BO2K resembled a Microsoft product launch. CDs of BO2K were thrown into the audience. The CDs were duplicated and, somewhere along the line, the CIH virus was included on some CDs. Though it is believed that the infection was accidental, the event was both ironic and suspicious. It was ironic that a release of what is effectively a remote access trojan (RAT) program was infected. It was suspicious in that it would be an ideal way to slow down the distribution of the program by creating fear and uncertainty.
Anti-virus companies were reporting that they had created detectors and patches for the program within twenty-four hours. Considering that, unlike at the launch of BO, they had the source code for BO2K, this was not an earth-shattering revelation. It did make them look good to the non-technical press though. Microsoft is still maintaining its ostrich defence and is claiming that BO2K is no real threat.
BO2K To Be Released At Defcon Show 2030 Hrs 09 July 1999
When the first version of Back Orifice was released last year, it only worked on Windows 95 and Windows 98. A new version, scheduled to be released tomorrow (July 10th), will work on Windows 2000 and Windows NT. This new version, dubbed BO2K, will also include the source code.
Microsoft has never had a good reputation as regards the security of its products. The Windows 95 and Windows 98 operating systems are not secure operating systems in the same manner as Unix, and Windows NT's C2 classification only applies when the computer is not connected to a network. The release of Back Orifice in August last year was a nasty surprise for Microsoft. It got to such a stage that Microsoft was providing press announcements about the software and how it was not related to the Back Office suite.
The Cult Of The Dead Cow's press release on the new program bills it as "the only way to control a Microsoft network". While Microsoft may disagree, BO had some very useful aspects for SysAdmins. Some of the features of BO2K include: support for Windows NT, an open plugin architecture to allow for third-party add-ons, and strong cryptography to ensure secure network administration. While such elements are definite benefits to the administration of any Microsoft-based network, some people are a bit wary and are trying to represent BO2K as being a trojan horse program that will widen security holes in Microsoft networks. There will be those who will use the program in a malicious manner. The original Back Orifice was downloaded 300,000 times from the cDc websites.
As the computer industry prepares for another onslaught of trojan horse attacks, Microsoft has posted a FAQ on BO2K. As of this time, Microsoft has no counter-measures against BO2K and is advising users to indulge in safe computing and to be careful about downloading software and running e-mail attachments.