Back Orifice (BO) is a trojan that provides a backdoor into your
computer when it is active and you are connected to the Internet.
The name Back Orifice is inspired by the name of Microsoft's
BackOffice product.

Back Orifice (BO) is a remote administration system that allows a
user to remotely take full control of a computer running the
Microsoft Windows operating system (OS) across a TCP/IP connection,
either through a simple console or a graphical user interface (GUI).
It is still dangerous for the following reasons.
- There is no easy way for a computer
user to know the attack is taking place, and there is no easy way
to stop the attack once Back Orifice has installed itself on the
computer.
- The application is in the form of a
remote administration system that is remotely installed without
user interaction and does not show up in the task manager panel, so
it cannot be killed.
- It restarts itself each time the OS
starts. The system's client side is installed on another computer
where the administrator can take control of the remote
computer.
BO has the following capabilities.
- System control: Allows the
administrator to remotely log keystrokes or lock/reboot the
machine. It can get detailed machine information, including access
to all drives and passwords saved or cached by the OS or user.
- File system control: Allows total
control of the file system from copying, modifying, locking and
deleting to compression and decompression.
- Process control: Spawns or kills
processes at will.
- Multimedia and application control:
Controls any multimedia device, such as the computer’s webcam or
microphone, plays audio/video (A/V) files, takes screenshots and
more.
- Network control: Functions as an
integrated packet sniffer, allowing the monitoring of data, logs
and any passwords, and can redirect incoming packets on any port
to any other port or address.