While hacker group Cult of the Dead Cow (CDC) held a press conference, announcing the release of Back Orifice 2000 (BO2K) to a throng of celebrants attending the DEFCON convention in Las Vegas, researchers were anxiously awaiting their own copy in order to provide users with a defense.

Consisting of a server and client application, BO2K is a backdoor trojan horse program that, once installed on a Windows-based system, allows remote access for monitoring and controlling activity. The program is a new version of Back Orifice released last year by the same group.

BO2K, however, not only runs on Windows, it now also works with NT. This means, of course, that businesses - including e-commerce operations - could be impacted. The program is open-source, so there will possibly be multiple variations. Additionally, stronger encryption included with this new version will make it more difficult to detect.

BO2K spreads largely by way of e-mail contact, and thus has the potential to proliferate across the web in the manner of W32/ExploreZip.worm. Security experts advise a number of obvious measures that individuals and e-businesses can take to prevent infection, which include avoiding e-mail attachments - particularly from unfamiliar sources. Users are also advised to have proper security options when connected to the Internet with network file sharing enabled, to set e-mail client software security settings to high and not to accept files from Internet chat systems. But, if the worst-case scenario does occur - the program is designed to be invisible to the user - assistance is available.

As they have done with other recent virus-like threats that have spread online, utility software vendors - after receiving a copy of BO2K - raced to analyze and post a solution on their Web sites. Symantec (Nasdaq: SYMC), for instance, quickly posted technical and specific removal notes through its AntiVirus Research Center. Network Associates (Nasdaq: NETA) dispatched their Anti-Virus Emergency Response Team, who also promptly made protection available. Trend Micro and Internet Security Systems (Nasdaq: ISSX) are among the other companies who have responded to the threat.

Well before its weekend release into the wild, Microsoft had been actively campaigning against BO2K while security and antivirus software vendors were communicating with CDC trying to obtain advance copies to study.

When the server part is configured to act like a trojan, i.e. to install itself covertly on someone's system, it writes itself to the \Windows\System\ or \WinNT\System32\ folder under a name specified during configuration (default is UMGR32.EXE). Under Windows 95/98, the server's execution string is written to: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServices