it-e-55 Backdoor
Backdoor programs are typically more dangerous than computer viruses, as they can be
used by an intruder to take control of a PC and potentially gain access to an entire network.
Backdoor programs, also referred to as Trojan horses, are typically sent as attachments to
e-mails with innocent-looking file names, tricking users into installing them. They often enable
remote users to listen in on conversations using the host computer's microphone, or even see
through its video camera if it has one. Back Orifice (BO) 2000 is a backdoor program designed
for malicious use. Its main purpose is to maintain unauthorized control over another machine for
reconfiguration and data collection. It takes the form of a client/server application that can
remotely control a machine without the user's knowledge to gather information, perform system
commands, reconfigure machines and redirect network traffic.
With BO an intruder has to know the user's IP address to connect, or could scan an entire
network looking for the victim. Once connected, the intruder can send requests to the BO 2000
server program, which performs the actions the intruder specifies on the victim's computer,
sending back the results.
BO is installed on the server machine simply through the execution of the server application.
This executable file is originally named bo2k.exe, but it can be renamed. The configuration wizard
will step through the various configuration settings, including the server file (the executable), the
network protocol, port number, encryption, and password. Once this process is complete, running
bo2kgui.exe executes the user interface for BO.
It is very difficult to detect BO, because it is so highly configurable. In addition, backdoor
programs are multi-dimensional, so several detection methods are recommended to achieve maximum
protection and awareness of the installation of BO 2000 on a machine or series of machines on a
network.
We recommend coupling the use of an updated version of anti-virus software to detect
which machines on the network have BO installedand intrusion detection software to identify
attacks over the network.
Users are urged to follow three important precautions:
Do not accept files from Internet chat systems.
If you are connected to the Internet, do not enable network sharing without proper security
in place.
Do not open e-mail attachments: never run any executable files sent to you (.exe files or .zip
files with a.exe in them). It is safer if these are run through a virus checker first, but they could be
new backdoor programs or viruses that a virus scanner will not detect. It is safe to open Word
documents and Excel spreadsheets if the Microsoft Auto-Run feature is turned off. Allowing
macros to run automatically can spread e-mail viruses such as Melissa. Many people send each
other animations in e-mail: it is easy to put a backdoor program into one of these and users
cannot tell when they infect their computers with Back Orifice 2000.
1, potentially [pə'tenʃəli]
adv. 可能地,潜在地