BackOrifice Trojan
Back Orifice (BO) - Remote Administration Sniffer
    Review date: 12.22.2009

Here you'll find an explanation of how a Trojan horse gets into a system and how it protects itself from being detected, including detailed information on default backdoor ports.

First of all, Back Orifice (BO) is not a virus. It is a free Win32-based Trojan program. Do not download or upload software unless you have opted to do so. This trojan can affect Windows 95 and Windows 98 systems. It does not work on Windows NT.

Detection - Backdoor Rootkit for Windows Hosts
Using nmap to run a UDP scan for port 31337 against our hosts is the only way that you can really detect Back Orifice's presence on our network. Keeping the BO server on your computer is a risk.
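
The sketch below is an added example, not part of the original review or of any Back Orifice or nmap code: it triages the result of the UDP scan described above, showing why a host that sends no reply cannot be cleared by the scan alone. It assumes the scan was saved in nmap's grepable format (for example `nmap -sU -p 31337 -oG -`); the sample lines, addresses, hostname and verdict wording are constructed for illustration.

```python
BO_UDP_PORT = 31337  # Back Orifice port given on this page

# Constructed sample in nmap grepable (-oG) layout; addresses are documentation
# ranges, the hostname is made up. Fields within a line are tab-separated.
SAMPLE_GNMAP = (
    "# constructed sample: nmap -sU -p 31337 -oG - 192.0.2.0/29\n"
    "Host: 192.0.2.1 ()\tStatus: Up\n"
    "Host: 192.0.2.1 ()\tPorts: 31337/closed/udp//BackOrifice///\n"
    "Host: 192.0.2.2 ()\tPorts: 31337/open|filtered/udp//BackOrifice///\n"
    "Host: 192.0.2.3 (lab-win98)\tPorts: 31337/open/udp//BackOrifice///\n"
    "Host: 192.0.2.4 ()\tPorts: 31337/open/tcp//Elite///\n"
)

# How nmap's UDP port states map to follow-up work for a defender.
VERDICTS = {
    "open": "listener answered: isolate and inspect the host",
    # No reply at all: a listener that ignores the probe looks the same as a
    # firewall dropping it, so the scan alone cannot clear this host.
    "open|filtered": "inconclusive: check listeners on the host itself",
    "closed": "port unreachable returned: nothing listening",
    "filtered": "blocked in transit: rescan from inside the segment",
}


def triage(gnmap_text, port=BO_UDP_PORT):
    """Map each scanned IP to a verdict for the given UDP port."""
    results = {}
    for line in gnmap_text.splitlines():
        fields = line.split("\t")
        if not fields[0].startswith("Host: "):
            continue  # comment lines and blanks
        ip = fields[0].split()[1]
        for field in fields[1:]:
            if not field.startswith("Ports: "):
                continue
            for entry in field[len("Ports: "):].split(","):
                parts = entry.strip().split("/")
                # parts: port / state / protocol / owner / service / ...
                if len(parts) >= 3 and parts[0] == str(port) and parts[2] == "udp":
                    results[ip] = VERDICTS.get(parts[1], "unknown state: " + parts[1])
    return results


if __name__ == "__main__":
    for ip, verdict in triage(SAMPLE_GNMAP).items():
        print(ip, "->", verdict)
```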

This remote administration tool allows the user to remotely control the operating system, including:

  • System
  • Passwords
  • Network
  • File system
  • Registry
  • Processes

In addition, this backdoor can transfer, delete, create and modify files on your hard drive.

Back Orifice needs to be executed by the user for it to be installed. Once downloaded and executed by the user, it installs itself in such a way that it is active all the time.

Back Orifice adds an entry to the Windows Registry to achieve this. The client application, running on one machine, may then be used to monitor and control a second machine online.


The presence of Back Orifice (BO) on the computer will not be evident to the affected user. The size of the trojan file is 124,928 bytes; it can also be slightly larger. Troj/NeoBO-A is a Trojan for the Windows platform.



BackOrifice's Features List:
  • Session logging
  • Multiple server connections at once
  • Process control, start, stop, list
  • Graphical remote registry editing
  • Access console programs
  • Network redirection of TCP/IP connections

Latest versions known:
  • Back Orifice 1.20
  • Back Orifice 1.3
  • Back Orifice 1.41
  • Back Orifice 2000 1.0 International

Back Orifice is designed with a client-server architecture.

Actions are performed on the server by sending commands from the client to a specific IP address.

If the server machine is not on a static address, it can be located by using the sweep or sweeplist commands from the text client, or from the GUI client using the "Ping..." dialog or by putting in a target IP of "1.2.3.*". If sweeping a list of subnets, when a server machine responds the client will look in the same directory as the subnet list and will display the first line of the first file it finds with the filename of the subnet.

Overall, communication packets used by Back Orifice are encrypted with a user-definable key, so only the intended client can control the server.



BO2K Configuration Wizard
Back Orifice Win32 GUI Client 1.20 Patched

Three basic steps to removing Back Orifice:
  • Remove its Registry entry
  • Shut down and restart your system
  • Then delete the actual program.



NOTE: This information is supplied for educational purposes only.
What is Back Orifice or the BO Trojan?
  • This Trojan downloads other files via the Internet and launches them for execution on the victim machine without the user’s knowledge. Update and download your antivirus databases and perform a full scan of the computer.
