Back Orifice is a client/server application that can gather information, perform system commands, reconfigure machines, and redirect network traffic. By executing the Back Orifice server program on a machine, a user can connect remotely to that specific IP address and perform any of the above actions. Although Back Orifice can be used as a simple monitoring tool, its main purpose is to maintain control over another machine for reconfiguration and data collection. The features of Back Orifice, combined with anonymous, and possibly malicious, control of machines makes it especially dangerous in a networked environment. The specific commands available in Back Orifice are listed later in this alert.
365bea7d8d7bca428a4eecde29a4ae3d6bb15002521201138ea6c41c0db573f7
Internet Security Systems (ISS) X-Force is issuing the third of our quarterly updates on backdoors for Windows 95, 98, and NT. Because of the number of backdoors mentioned in this advisory, there is only a brief description of each backdoor's features and communications protocol. Instead, this update will focus on detection and removal information. This update contains information on DeepThroat 1, 2 and 3, NetSphere 1.30, GateCrasher 1.2, Portal of Doom, GirlFriend 1.3, HackaTack, EvilFTP, phAse Zero, ExploreZip.worm, and SubSeven. ISS X-Force would like to remind you to not run any executables you receive in e-mail, over IRC or ICQ, or via any other means of Internet-based communications.
ff83e9521ec25ffa9f30f69de23ab96c810d551861c794b421c6aef0dbb4da25