Question

ClamWin identified that the TargetWindows04 machine was infected with the Back Orifice (BO) exploit.

Explain how this virus was named and why it can still be dangerous.

Answer 1

Answer : Given data

* Back Orifice (BO) is a trojan that provides a backdoor into your computer when active and you are connected to the Internet.

* The name Back Orifice is inspired by the name of Microsoft's BackOffice product.

* Back Orifice (BO) is a remote administration system that allows a user to take full control of a computer remotely running the Microsoft Windows operating system (OS) across a TCP/IP connection, either through a simple console or graphical user interface (GUI).

* It is still dangerous because of the following reasons.

• There is no easy way for a computer user to know the attack is taking place, and there is no easy way to stop the attack once Back Orifice has installed itself on the computer.
• The application is in the form of a remote administration system that is remotely installed without user interaction and does not show up in the task manager panel, so it cannot be killed.
• It restarts itself each time the OS starts.
• The system's client side is installed on another computer where the administrator can take control of the remote computer.

* BO has the following capabilities.

• System control: Allows the administrator to remotely log key strokes or lock/reboot the machine.
• It can get detailed machine information, including access to all drives and passwords saved or cached by the OS or user.
• File system control: Allows total control of the file system from copying, modifying, locking and deleting to compression and decompression.
• Process control: Spawns or kills processes at will.
• Multimedia and application control: Controls any multimedia device, such as the computer’s webcam or microphone, plays audio/video (A/V) files, take screenshots and more.
• Network control: Functions as an integrated packet sniffer, allowing the monitoring of data, logs and any passwords while redirecting any incoming packet to any port toward any other port or address.