http://www.antionline.com/cgi-bin/News?type=antionline&date=07-05-1999&story=BO2k.news

Does The Dead Cow Stink?
Thursday, July 8, 1999 at 15:05:56
by John Vranesevich - Founder of AntiOnline

This Saturday, the Cult of The Dead Cow, a hackgroup that has crossover members in the famed security group L0pht Heavy Industries, is set to release BO2k, the newest version of their Back Orifice Trojan Software.

[Snip..]

In a press release written by cDc members, they state that: "Back Orifice 2000 is a best-of-breed network administration tool, granting sysadmins access to every Windows machine on their network. Using Back Orifice 2000, network administrators can perform typical desktop support duties without ever leaving their desk."

Ok, so Back Orifice is nothing more than an administration tool then? Something like PC Anywhere, or Timbuktu? Well, it seems that not even the cDc themselves can make up their minds on that one. Back Orifice is designed to be stealthy, hiding itself on a system so that it can't be easily detected. The cDc has released third-party plugins for the software which allow it to be hidden within other installs. In other words, that next version of solitaire that you install may also install Back Orifice without your knowledge. Other third-party plugins being distributed by the cDc include ones that send out an e-mail with the IP of the 'infected' machine every time it logs online, and even one which causes the 'infected' machine to go on IRC and announce its presence without the user's knowledge.

[This behaviour can be found in the Microsoft Systems Management Server. So is Microsoft just as guilty? (reference: this zdnet article)]

[snip..]

Several software vendors, including ISS, the makers of RealSecure, have asked for advanced copies of the software, so that they can update their software to protect users from becoming 'infected' by BO2k. The cDc has refused all of those requests.
In a phone interview, Chris Rouland, head of ISS' X-Force, told AntiOnline that the cDc replied to his request for a pre-release with a sarcastic reply which read in part: We will gladly provide you with the software you desire if and only if you will, in exchange, grant us one million dollars and a monster truck.

[And this is any worse than ISS holding security vulnerabilities back from NAI or bugtraq, while they utilize them for market advantage in their scanner?]

[snip..]

Terrance Kawles, Vice President and General Counsel of Codex Data Systems Inc., told AntiOnline in a phone interview this afternoon that "if the cDc released a product to combat their own creation, one may consider that to amount to the equivalent of cyber protection. What's the difference in that and some mob guy saying we will protect your grocery store from being robbed, oh, by the way, it's going to cost you $300 a week. It could come very close to criminal extortion or racketeering. It is irresponsible, and as such, they can not deem to take the high road, there is no reason for them to release this software except for some sort of motive of profit or fame."

[Another amusing comment. This time from Codex Data Systems, makers of the 'DIRT' product, which is said to be a glorified ripoff of cDc's original Back Orifice. Perhaps they don't like competition since they charge gobs of money for theirs, while cDc's version is completely free?]

Mr. Kawles went on to say that he would "urge the cDc to seriously reconsider releasing this software and source code to the general public. They have gotten plenty of publicity, and if they wrote a white paper, and did a demo, that would accomplish what their claimed goals are. Releasing BO2k and its source code to 300,000 script kiddies is the sort of exposure that doesn't hurt Microsoft, but hurts the very people that the cDc claim they are seeking to protect."

[This urging coming from someone who won't release their program to anyone outside of law enforcement? Let alone not releasing their source code to their clients?]