Back Orifice (aka BackOrifice2K) is a cyber threat at the top of the danger scale. It is a very dangerous Remote Administration Tool that lets cyber criminals access your computer remotely and do whatever they want with it. The number of malicious activities this Back Orifice Trojan can initiate surpasses that of other cyber threats such as ransomware or spyware. This remote administration tool was developed by a group calling itself “The Cult of the Dead Cow” and was written in the C++ programming language. It started spreading in 1995, which is a long time ago, so it is natural that many different versions of this threat have emerged. Some versions include functions such as “hijacker”, “password capture”, “keylogger”, etc.
What activities does Back Orifice perform?
The Back Orifice Remote Administration Tool is programmed to access computers remotely and then perform a wide range of functions. To illustrate what this application is capable of, we list some of its features. Back Orifice can:
- Spawn a text-based application on a TCP port.
- Stop an application from listening for connections.
- List the applications currently listening for connections.
- Create a directory. List files and directories (you must specify a wildcard if you want more than one file to be listed). Remove a directory.
- Create an export on the server. Delete an export.
- List currently shared resources (name, drive, access, password).
- Log keystrokes on the server machine to a text file. End keyboard logging (to end keyboard logging from the text client, use ‘keylog stop’).
- Disconnect the server machine from a network resource. Connect the server machine to a network resource.
- View all network interfaces, domains, servers, and exports visible from the server machine.
- Ping the host machine.
- Return the machine name and the BO version number.
- Execute a Back Orifice plugin. Tell a specific plugin to shut down. List active plugins or the return value of a plugin that has exited.
- Redirect incoming TCP connections or UDP packets to another IP address. Stop a port redirection.
- Create a key in the registry. Delete a key from the registry. Delete a value from the registry, etc.
How can Back Orifice infect the system?
According to security experts, it is not possible to know when a Back Orifice attack is taking place, so it is very important to ensure full system protection. Typically, the cyber criminals behind this infection spread it via spam e-mails. Once the computer user opens the attachment, the virus is executed and roots itself deep into the system. Consequently, the machine may start behaving abnormally, because the hackers can begin viewing and modifying the files and registry on your computer. The Back Orifice Trojan can log your keystrokes, log files, take screenshots and send them to the hackers, or simply crash the computer. Thus, this virus needs to be removed ASAP. It goes without saying that such a malicious application cannot be removed manually. Therefore, if you suspect it is hiding on your computer, our recommendation is to check the system with Reimage, Malwarebytes, Combo Cleaner, or Plumbytes Anti-Malware.