Threat Encyclopedia


Back Orifice

Back Orifice is not a virus; it is classified as a Trojan horse. It was created by members of the group “The Cult of the Dead Cow”, who call it a “security tool”. Essentially, Back Orifice is remote-control software: it gives access to, and control of, a remote PC over the Internet. It has a wide range of functions and can be extended with add-on “plug-ins”. For example, Back Orifice enables:

  • Accessing the host disks
  • Reading and sending basic information about the host computer
  • Searching, sending, receiving, compressing and decompressing files
  • Accessing the registry
  • Displaying messages
  • Playing audio files
  • Controlling processes
  • Finding out and sending various passwords

Back Orifice can easily be abused. Tools exist that bind Back Orifice to any other program and wrap it in a trustworthy-looking, professionally presented installer. Back Orifice creates a file named WINDLL.DLL on the PC and registers it in the registry under HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices; when activated it also creates the files BOFILEMAPPINGKEY and BOFILEMAPPINGCON. Once Back Orifice is installed on a target computer, it can be connected to either with a special client program or even with an ordinary web browser, because Back Orifice supports the HTTP protocol and emulates a web server. There are two “call-home” plug-ins for Back Orifice. The first, once Back Orifice has been installed on the target computer, sends the attacker an e-mail containing the IP address of the infected computer. The second establishes a covert connection to a predefined IRC server and posts the IP address to a given channel.
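The following is an added example, not ESET's code, showing how a defender can check a machine for the host indicators this entry names: a RunServices value referencing WINDLL.DLL, and the BOFILEMAPPINGKEY / BOFILEMAPPINGCON files. It parses a text export of the RunServices key in the .reg format produced by "reg export" and a list of file paths; the registry export and file list below are constructed sample data, and the value name "System" is an assumption, not something the entry states.

```python
"""Host indicator check for the Back Orifice artefacts named in the entry.

Added example (not ESET's code). Inputs are a .reg-style text export of the
RunServices key and a list of file paths; both samples below are constructed.
"""
import re
from dataclasses import dataclass

# Indicators taken from the encyclopedia entry
RUNSERVICES_KEY = r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices"
BO_DLL = "WINDLL.DLL"
BO_FILE_NAMES = {"BOFILEMAPPINGKEY", "BOFILEMAPPINGCON"}


@dataclass
class Finding:
    kind: str      # "registry" or "file"
    location: str  # key\value name, or file path
    detail: str    # value data, or matched file name


_KEY_RE = re.compile(r"^\[(.+)\]$")
_VALUE_RE = re.compile(r'^"(?P<name>[^"]*)"=(?P<data>.*)$|^@=(?P<default>.*)$')


def parse_reg_export(text):
    """Parse .reg text into {key: {value_name: data}}.

    Quoted string data is unquoted and its escaped backslashes restored;
    other data types are kept as raw text. The default value is stored as "@".
    """
    keys = {}
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";") or line.startswith("Windows Registry Editor"):
            continue
        m = _KEY_RE.match(line)
        if m:
            current = m.group(1)
            keys.setdefault(current, {})
            continue
        m = _VALUE_RE.match(line)
        if m and current is not None:
            if m.group("default") is not None:
                name, data = "@", m.group("default")
            else:
                name, data = m.group("name"), m.group("data")
            if data.startswith('"') and data.endswith('"'):
                data = data[1:-1].replace("\\\\", "\\")
            keys[current][name] = data
    return keys


def check_runservices(reg):
    """Flag any RunServices value whose data references WINDLL.DLL."""
    findings = []
    for key, values in reg.items():
        if key.lower() != RUNSERVICES_KEY.lower():
            continue
        for name, data in values.items():
            if BO_DLL.lower() in data.lower():
                findings.append(Finding("registry", f"{key}\\{name}", data))
    return findings


def check_files(paths):
    """Flag paths whose file name is one of the Back Orifice artefacts."""
    findings = []
    for p in paths:
        base = p.replace("/", "\\").rsplit("\\", 1)[-1]
        if base.upper() in BO_FILE_NAMES or base.upper() == BO_DLL:
            findings.append(Finding("file", p, base.upper()))
    return findings


def scan(reg_text, paths):
    """Run both checks; registry findings first, then file findings."""
    return check_runservices(parse_reg_export(reg_text)) + check_files(paths)


# Constructed sample export: one benign entry and one pointing at WINDLL.DLL
# (the value name "System" is an assumption made for this example).
SAMPLE_REG = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]
"SchedulingAgent"="mstask.exe"
"System"="C:\\WINDOWS\\SYSTEM\\WINDLL.DLL"
'''

# Constructed sample directory listing
SAMPLE_FILES = [
    r"C:\WINDOWS\SYSTEM\WINDLL.DLL",
    r"C:\WINDOWS\SYSTEM\KERNEL32.DLL",
    r"C:\WINDOWS\BOFILEMAPPINGCON",
]

if __name__ == "__main__":
    for f in scan(SAMPLE_REG, SAMPLE_FILES):
        print(f"{f.kind:8} {f.location}  ->  {f.detail}")
```

Run it against a real "reg export" of the RunServices key and a recursive directory listing of the Windows folder; a match is an indicator worth investigating, not proof of infection on its own, since the files could be planted or renamed.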

© 1992-2004 Eset s.r.o. All rights reserved. No part of this Encyclopedia may be reproduced, transmitted or used in any other way in any form or by any means without the prior permission.