Does The Dead Cow Stink? 
   Thursday, July 8, 1999 at 15:05:56
   by John Vranesevich - Founder of AntiOnline 

   This Saturday, the Cult of The Dead Cow, a hackgroup that has crossover members in the famed security
   group L0pht Heavy Industries, is set to release BO2k, the newest version of their Back Orifice Trojan.


   In a press release written by cDc members, they state that:
   "Back Orifice 2000 is a best-of-breed network administration tool, granting sysadmins access to every
   Windows machine on their network. Using Back Orifice 2000, network administrators can perform typical
   desktop support duties without ever leaving their desk."

   Ok, so Back Orifice is nothing more than an administration tool then? Something like PC Anywhere, or
   Timbuktu? Well, it seems that not even the cDc themselves can make up their minds on that one.
   Back Orifice is designed to be stealthy, hiding itself on a system so that it can't be easily
   detected. The cDc has released third-party plugins for the software which allows it to be hidden
   within other installs. In other words, that next version of solitaire that you install may also
   install Back Orifice without your knowledge. Other third-party plugins being distributed by the cDc
   include ones that send out an e-mail with the IP of the 'infected' machine every time it logs online,
   and even one which causes the 'infected' machine to go on IRC and announce its presence without the
   user's knowledge.

[This behaviour can be found in the Microsoft Systems Management Server.
 So is Microsoft just as guilty? (reference: this zdnet article)]


   Several software vendors, including ISS, the makers of RealSecure, have asked for advanced copies of
   the software, so that they can update their software to protect users from becoming 'infected' by
   BO2k. The cDc has refused all of those requests. In a phone interview, Chris Rouland, head of ISS'
   X-Force, told AntiOnline that the cDc replied to his request for a pre-release with a sarcastic reply
   which read in part:
   "We will gladly provide you with the software you desire if and only if you will, in exchange, grant
   us one million dollars and a monster truck."

[And this is any worse than ISS holding security vulnerabilities back from NAI or
 bugtraq, while they utilize them for market advantage in their scanner?]


   Terrance Kawles, Vice President and General Counsel of Codex Data Systems Inc., told AntiOnline in a
   phone interview this afternoon that "if the cDc released a product to combat their own creation, one
   may consider that to amount to the equivalent of cyber protection. What's the difference in that and
   some mob guy saying we will protect your grocery store from being robbed, oh, by the way, it's going
   to cost you $300 a week. It could come very close to criminal extortion or racketeering. It is
   irresponsible, and as such, they can not deem to take the high road, there is no reason for them to
   release this software except for some sort of motive of profit or fame."

[Another amusing comment. This time from Codex Data Systems, makers of the 
 'DIRT' product, which is said to be a glorified ripoff of cDc's original Back Orifice.
 Perhaps they don't like competition since they charge gobs of money for theirs, while 
 cDc's version is completely free?]

   Mr. Kawles went on to say that he would "urge the cDc to seriously reconsider releasing this software
   and source code to the general public. They have gotten plenty of publicity, and if they wrote a

[This urging coming from someone who won't release their program to anyone outside
 of law enforcement? Let alone not releasing their source code to their clients?]

   white paper, and did a demo, that would accomplish what their claimed goals are. Releasing BO2k and
   its source code to 300,000 script kiddies is the sort of exposure that doesn't hurt Microsoft, but
   hurts the very people that the cDc claim they are seeking to protect."