Public Release: 

Program Released On The Internet Can Allow Hackers To Take Control Of Computers

New Scientist

Your Computer In Their Power

A MALICIOUS computer program that can take over the computer running it has been released on the Internet. The program allows hackers to secretly control a machine over a local network or the Internet.

The program, which can affect computers running Microsoft Windows 95 or 98, was released earlier this month by a group of hackers calling themselves the Cult of the Dead Cow. So far, about 50 000 people have downloaded the program from its website, the group claims. The program is called Back Orifice, a reference to a Microsoft program called Back Office.

A copy can be placed on a machine without the legitimate user's knowledge, or a user may download and run Back Orifice without realising what it is. "Once it launches itself on a system, the other guy is controlling that system like a puppet," says Dan Takata, a security analyst with Internet Security Systems, an Atlanta company which has released a virus checker that scans for the program.

To take over a computer that has Back Orifice installed on it, a hacker would use other Back Orifice software to track down someone who is running the program. The hacker could then do everything that the legitimate user can do and more-from installing software to viewing passwords-but without the legitimate user ever knowing.

In a statement, members of the Cult of the Dead Cow said they were releasing the program to draw attention to what they claim are security flaws in Microsoft's Windows operating system. Takata says the program can do all the group claims, and is definitely a danger. But he also says the security problems exploited aren't unique to Windows.

"It goes with the territory," he says. "Basically, the only way you can completely secure your system is not to have it connected."

Author: Kurt Kleiner New Scientist issue 22nd August 1998, page 24



Disclaimer: AAAS and EurekAlert! are not responsible for the accuracy of news releases posted to EurekAlert! by contributing institutions or for the use of any information through the EurekAlert system.