ITrain Homepage

Site Directory
Membership
Train-the-Trainer
Trainer Certification
Certified Training Materials
ITinfo E-zine
Responsible Training
White Papers
Trainer Resources
What's New
Speaking Engagements
Onsite Training
ITrain Gear



Popular Links
Speaking Engagements
Training Manuals
Certification
Train the Trainer
The Training Book
Technical Writing
Privacy Policy

Print this document

Google
Web ITrain.org

McAfee Detects Back Orifice 2000

Network administrators breath a sigh of relief

ITinfo Sponsor

ERROR: Random File Unopenable

ERROR: Random File Unopenable

The random file, as specified in the $random_file perl variable was unopenable.

The file was not found on your file system. This means that it has either not been created or the path you have specified in $trrandom_file is incorrect.

McAfee Detects Back Orifice 2000

by Dave Murphy
ISSN 1535-3613

Dave Murphy, ITrain founder Back Orifice 2000 (BO2K), released at DefCon by the Cult of the Dead Cow hacker group, has network administrators scrambling to beef up their network security because once installed on a PC, BO2K grants full access to that network workstation: anything that could have been done at the PC's keyboard can be done remotely by either the network administrator or worse, a system cracker.

BO2K can infect Windows 95/98 workstations as well as Windows NT workstations and servers. It can be delivered as an executable file via an email attachment and gets promulgated much like email-borne PC trojan horses (similar to computer viruses).

The McAfee site includes the following description of BO2K:

The BO2K virus consists of two components - a server program and a client program. It copies itself to the local disk under the name "exe" and installs a reference to that file in the registry. It runs every time the machine restarts. The program hides itself - it is not visible as a task although it is running permanently in the background of your PC. BO2K awaits commands from the client through the network. After the server program is installed on a computer, the person controlling the client has remote control over the machine running the server program. This requires both machines to be connected to the Internet. This control includes recording the keystrokes pressed, restarting or hanging the machine, running, accessing, modifying and transferring files. It can also transmit screenshots. The software also has a program to reconfigure the server application. Filename, TCP/IP port, registry key, password for client-server data exchange and additional DLL can be configured.

To give you a hint about how wide spread the interest in BO2K is, the single article I wrote and posted online has been the most requested page on our sites since June 30th.

What do you think? Are you interested in BO2K? Why? Leave your comments on the message center.

McAfee
Message Center

Subscribe to ITinfo.
Receive computing and Internet news & tips
by subscribing to the ITinfo information service.
Type your Internet email address in the form, and click "Subscribe."
Email Address:

Previous issues are on our website at http://itrain.org/itinfo/.

International Association of Information Technology Trainers
PMB 616
6030-M Marshalee Dr
Elkridge, MD 21075-5987

410.567.5366
1.888.290.6200
fax: 801.650.0423
Membership Director: member@itrain.org

Return to ITrain Homepage

Copyright © 2000 International Association of Information Technology Trainers, Ltd., All Rights Reserved

http://itrain.org/itinfo/1999/it990721.html
updated July 21, 1999