BackOrifice Trojan
Back Orifice (BO) - Remote Administration Sniffer
    Review date: 08.10.2010

A Trojan horse is not really a virus. The Back Orifice is an intruder tool that consists of two pieces, a client application and a server application. Here, you'll find some explanations on how a Trojan horse (BO) intrudes a system and how it protects itself from being detected including detailed information on default backdoor ports.

First of all, Backorifice or BO is not a virus. This is a free Win32 based Trojan program. Do not download or upload software unless you have opted to do so. This trojan can affect Windows 95 and Windows 98 system. It does not work on Windows NT.

Detection - Backdoor Rootkit for Windows Hosts
Using nmap and doing a UDP scan for port 31337 against our hosts is the only way that you can really detect BackOrifice's presence on our network. It's a risk to keep the BO server in your computer.

Designed to work on Windows 95 and 98 machines, this remote administration tool allows the user to remotely control the operating system, including:

  • System
  • Passwords
  • Network
  • File system
  • Registry
  • Processes
In addition to that, this backdoor has the ability to transfer files, delete, create and modify files on your hard drive.

Besides, Back Orifice trojan needs to be executed by the user for it to be installed. Best of all, once executed and downloaded by the user it will install itself in such a way that it will be active all the time.

Back Orifice adds an entry to the Windows Registry to achieve this. Besides, the client application, running on one machine, may be used to monitor and control online a second machine.


The presence of Back Orifice (BO) installed in the computer will not be evident to the affected user. The size of this trojan file is 124,928 bytes. It can also be slightly more than this size.Troj/NeoBO-A is a Trojan for the Windows platform.



BackOrifice's Features List:
  • Enables to restart the computer.
  • Executes any program.
  • Forces the computer to lock up or freeze.
  • Session logging
  • Multiple server connections at once
  • Process control, start, stop, list
  • Graphical remote registry editing
  • Access console programs
  • Network redirection of TCP/IP connections

Latest version known:
  • Back Orifice 1.20
  • Back Orifice 1.3
  • Back Orifice 1.41
  • Back Orifice 2000 1.0 International

Back Orifice Screenshot: Designed with a client-server architecture.

Actions are performed on the server by sending commands from the client to a specific ip address.

In the event you do inadvertently install a Trojan horse and if the server machine is not on a static address, it can be located by using the sweep or sweeplist commands from the text client, or from the gui client using the "Ping..." dialog or by putting a target ip of "1.2.3.*". If sweeping a list of subnets, when a server machine responds the client will look in the same directory as subnet list and will display the first line of the first file it finds with the filename of the subnet.

Overall, communication packets used by Back Orifice are encrypted with a user definable key, so only the intended client can control the server.



BO2K Configuration Wizard
Br> Back Orifice Win32 GUI Client 1.20 Patched

Three basic steps to removing Back Orifice:
  • Remove its Registry entry
  • Shut down and restart your system
  • Then delete the actual program.



NOTE: This information is supplied for educational purposes only.
What is Backorifice or BO Trojan?
  • This Trojan downloads other files via the Internet and launches them for execution on the victim machine without the user’s knowledge. Update and download your antivirus databases and perform a full scan of the computer.

    Most today's anti-virus programs will guard against Trojan horses and remove them should they be installed.

    Find here the answers to the most commonly asked questions about trojan horse. Learn how to identify Internet threats and protect yourself online.
Related to Site Reviews
  • Top Firewall Software - Learn about the latest technologies. Besides, we rank the best personal firewall
  • Top 10 Antivirus Software - To read our top-ranked antivirus programs review and see how they work by
  • Free Registry Repair - How to fix the Windows registry and system file errors? Read insightful software
  • Top 10 Antispam - Latest news about new anti-spam products, protection, evaluations, tips and tricks
  • Free Spyware Remover - Looking for anti-spyware that really works? Here's you'll find reviews of the best
  • Subseven Trojan Review - To fight this problem, a spyware removal tool as is a firewall are helpful
2010 Internet Security - Sponsored Sites
VISIT THIS SPONSOR

Max Keylogger - Monitoring Software - allows you to record every activity happens on your computer, track Internet session and have it delivered to your email. It can be the best choice for those do not want to struggle with PC configuration issues. Free trial version.
VISIT THIS SPONSOR

Free Spyware Remover - Most computers that are connected to the internet today are infected by some sort of adware and spyware. You may have invested in the best security tools, but still it is advisable to use...
VISIT THIS SPONSOR

SecureUninstaller - It removes any unwanted pc software. Besides, it frees up disk space and speeding up your personal computer. Best of all, the program can remove programs on three different levels.