Trojan Horse Making the Rounds on Campus

By Joel Jaeggli (joelja@darkwing.uoregon.edu)

A new trojan horse called "Back Orifice" appears to be making the rounds of Windows 95/98-based machines on campus. Unlike a computer virus, a trojan horse cannot be transmitted without human intervention.

Like the original steed of Greek fame, Back Orifice is most often cleverly disguised. It frequently appears as something you'd be least likely to suspect, including applications found on the Internet or received as attachments to email messages. To further confuse you, applications which contain or install Back Orifice may still work or appear to work correctly, meanwhile installing the trojan program invisibly in the background.

Applications that have contained Back Orifice in the past have included, among others, an application that purports to detect Back Orifice and a pornographic tetris game Realistically, the treacherous program could be part of any application coming from a questionable source.

If installed, Back Orifice can allow hackers on the Internet to view the contents of your machine, edit files, capture keystrokes, and carry out attacks against other Internet hosts using your machine as a proxy for their own activity. Any or all of these actions have potentially serious security and privacy implications which make it in the interest of users to ensure their machine is clean.

How to Detect Back Orifice: The best way to check for Back Orifice is to install the latest version of Norton Antivirus for Windows, either by ftp from public.uoregon.edu or from the Duckware CD. The Norton utility will automatically detect and remove Back Orifice as well as several hundred other viruses and trojans. Or, you could use a single-purpose utility like "BoDetect" to detect its presence. You'll find "BoDetect" at http://www.spiritone.com/~cbenson/current_projects/backorifice/backorifice.htm