[Snort-sigs] Description for BACKDOOR Back Orifice access
Andrew Hintz (Drew)
mail.drew at ...486...
Tue Apr 2 04:07:49 EST 2002
BACKDOOR Back Orifice access
Someone, most likely an attacker, is accessing Back Orifice. Back Orifice is a remote administration and backdoor program for Windows.
The attacker already has complete control of the machine.
Back Orifice is one of the most popular backdoors for Windows. It gives an attacker complete control of the infected computer.
The attacker has complete control over the infected computer. The attacker can do things such as read or change any files on the computer, attack other computers using the infected computer, and execute any program on the computer.
In order to install Back Orifice on the infected machine, the attacker either used a different vulnerability to initially take control of the computer, or tricked a user of the computer into unknowingly installing Back Orifice.
Ease of Attack:
Very low probability, unless you have intentionally installed Back Orifice.
There are several optional encryption plugins for Back Orifice which will prevent IDSs from detecting the use of Back Orifice.
Unless Back Orifice has been intentionally installed, it should be removed from the afflicted computer. For instructions on removing it, visit http://www.irchelp.org/irchelp/security/bo.html
Andrew Hintz ( http://guh.nu )
Details on removing Back Orifice: http://www.irchelp.org/irchelp/security/bo.html
Back Orifice website: http://bo2k.sourceforge.net/
--Begin PGP Fingerprint--
3C6C F712 0A52 BD33 C518 5798 9014 CA99 2DA0 5E78
--End PGP Fingerprint--