Monday, December 22, 2008

Back Orifice

Back Orifice is a remote administration tool that allows system administrators to control a computer from a remote location (i.e. across the internet). It is a highly dangerous backdoor designed by a cracking group called the Cult of the Dead Cow Communications. It is usually distributed by malicious people in the form of a Trojan horse attack. During installation, it does not give any indication of what is really going on. To ease distribution, BO can also be attached to any other Windows executable, which will run normally after installing the server. Once installed, the server is intentionally difficult to detect on your machine.

The Back Orifice Server Contains the Following Functionality

System control
Create dialog boxes with the text of your choice. Log keystrokes. Lock up or reboot the machine.

Get detailed system information, including:

  • current user
  • CPU type
  • Windows version
  • memory usage
  • mounted disks
    (including hard drives, CD-ROMs, removable drives and remote network drives) and information for those drives
  • screensaver password
  • passwords cached by the user
    (including those for dial-ups, web and network access, and any other password cached by the operating system)

File system control
Copy, rename, delete, view, and search files and directories. File compression and decompression.

Application redirection
Spawn most console applications (such as command.com) on any TCP port, allowing control of applications via a telnet session.

HTTP server
Upload and download files on any port using a WWW client such as Netscape.

Integrated packet sniffer
Monitor network packets, logging any plaintext passwords that pass.

Plugin interface
Write your own plugins and execute the native code of your choice in BO's hidden system process.
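
Because the application redirection and HTTP server features listed above can listen on any port, a fixed list of "bad" port numbers cannot be relied on to spot them; comparing each listening socket's protocol, port and owning process image against a known-good baseline can. The following Python sketch is an added example, not part of the original post; the `netstat -ano` sample, the process names, the port numbers and the baseline are all constructed for illustration.

```python
import re

# Constructed sample of Windows `netstat -ano` output (not captured from a real host).
SAMPLE_NETSTAT = """\
  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:80             0.0.0.0:0              LISTENING       2312
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       892
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING       4
  TCP    0.0.0.0:40001          0.0.0.0:0              LISTENING       2312
  TCP    10.0.0.5:49712         10.0.0.9:443           ESTABLISHED     3100
  UDP    0.0.0.0:40002          *:*                                    2312
"""
# Constructed PID -> image name map (the kind of data `tasklist` provides).
SAMPLE_PROCS = {4: "System", 892: "svchost.exe",
                2312: "unknown_svc.exe", 3100: "browser.exe"}
# Constructed known-good baseline: (protocol, port, owning image in lower case).
BASELINE = {("TCP", 135, "svchost.exe"), ("TCP", 445, "system"),
            ("TCP", 80, "webserver.exe")}

# proto, local addr:port, remote addr, optional state (absent for UDP), PID
ROW = re.compile(r"^\s*(TCP|UDP)\s+(\S+):(\d+)\s+(\S+)\s+(?:(\w+)\s+)?(\d+)\s*$")

def listeners(netstat_text):
    """Yield (proto, port, pid) for TCP LISTENING sockets and bound UDP sockets."""
    for line in netstat_text.splitlines():
        m = ROW.match(line)
        if not m:
            continue  # header or unrelated line
        proto, _addr, port, _remote, state, pid = m.groups()
        if proto == "UDP" or state == "LISTENING":
            yield proto, int(port), int(pid)

def unexpected_listeners(netstat_text, procs, baseline):
    """Return listeners whose (proto, port, image) triple is not in the baseline.

    Matching on the triple, not the port alone, also flags an approved port
    (80 here) that is held by a process other than the approved one.
    """
    findings = []
    for proto, port, pid in listeners(netstat_text):
        image = procs.get(pid, "<unknown>").lower()
        if (proto, port, image) not in baseline:
            findings.append((proto, port, pid, image))
    return findings

if __name__ == "__main__":
    for f in unexpected_listeners(SAMPLE_NETSTAT, SAMPLE_PROCS, BASELINE):
        print("unexpected listener: %s/%d pid=%d image=%s" % f)
```
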

You can read more at:
http://www.irchelp.org/irchelp/security/bo.html
http://boxp.sourceforge.net/smaug/smaug-index.php


