Back Orifice
from Wikipedia
Back Orifice
Developer: Sir Dystic (cDc)
Stable release: 1.20 / August 3, 1998
Operating system: Microsoft Windows 9x; UNIX systems (client only)
Type: Remote administration
License: Freeware (source distribution for the UNIX client)
Website: Back Orifice Homepage

Back Orifice (often shortened to BO) is a computer program designed for remote system administration. It enables a user to control a computer running the Microsoft Windows operating system from a remote location.[1] The name is a play on Microsoft's BackOffice Server software. A single client can manage several servers at the same time.

Back Orifice has a client–server architecture.[2] A small and unobtrusive server program runs on one machine and is remotely manipulated by a client program with a graphical user interface on another computer. The original release communicates over UDP; its successor added TCP. In reference to leet ("eleet"), the server listens on port 31337 by default.[3]

The program debuted at DEF CON 6 on August 1, 1998. It was written by Sir Dystic, a member of the U.S. hacker group Cult of the Dead Cow, and according to the group its purpose was to demonstrate the lack of security in Microsoft's Windows 9x series of operating systems.

Although Back Orifice has legitimate purposes, such as remote administration, other properties make it suitable for illicit use. The server hides itself from a casual inspection of the system, and because it installs silently once executed, it can be distributed as the payload of a Trojan horse.

For those and other reasons, the antivirus industry immediately classified the tool as malware and added detection signatures for it. Despite this, it was widely used by script kiddies because of its simple GUI and ease of installation.

Two sequel applications followed it, Back Orifice 2000, released in 1999, and Deep Back Orifice by French Canadian hacking group QHA.

from Grokipedia
Back Orifice is a remote administration tool developed by the hacker group Cult of the Dead Cow (cDc). Announced on July 21, 1998 and released at DEF CON 6 in early August 1998, it lets a user control Windows 95 and 98 systems over TCP/IP networks from either a command-line or a graphical client. The software is a client-server application: the server component is installed on the target machine and provides keystroke logging, file manipulation, process management, registry editing, screenshot capture and system rebooting, while running hidden and restarting automatically after reboots. Its creators presented it as a demonstration of Windows' inherent security weaknesses, in particular the absence in the consumer editions of any built-in protection against remote access trojans, rather than as an exploit of a specific vulnerability. Microsoft countered that the tool had to be deliberately installed, by the user or through social engineering, and so posed no risk to properly managed systems and revealed no flaw in the operating system's design. The release nonetheless sparked wide debate on remote access risks, prompted antivirus vendors to add detections treating it as a trojan horse, and influenced later tools such as Back Orifice 2000, capturing early internet-era concern about unsecured personal computers.

Development and History

Origins and Cult of the Dead Cow Involvement

The Cult of the Dead Cow (cDc) originated in 1984 as a forum for like-minded individuals to hone technical skills through exploratory coding and system probing, and by the late 1990s had evolved into a hacktivist group dedicated to exposing flaws in proprietary software through purpose-built tools that demonstrated systemic weaknesses rather than isolated exploits. This ethos stemmed from the conviction that closed-source software obscured accountability for security lapses, so cDc favoured public release of proof-of-concept utilities to force industry reform. Back Orifice emerged from this framework in the late 1990s amid growing scrutiny of Windows 95 and 98. cDc's developers saw the problem not as individual bugs but as the platforms' design: an unauthenticated, user-accessible networking stack on an operating system with no privilege separation, which favoured convenience over access control. The tool was conceived to show that these design choices allowed surreptitious control of a machine without kernel-level privileges or any exploit, simply by taking advantage of the operating systems' default configuration. Primary authorship fell to Sir Dystic, a core cDc member, whose lean implementation embodied the group's strategy of demonstrative software; development was kept quiet before release to forestall corporate interference. cDc timed its major releases for the annual DEF CON conference, a venue for unfiltered security discussion, and Back Orifice's unveiling followed that tradition of public accountability over clandestine hoarding.

Release and Initial Distribution

Back Orifice was announced by the Cult of the Dead Cow (cDc) on July 21, 1998 in a statement highlighting security concerns for networked Microsoft Windows systems. The software made its formal debut at the DEF CON 6 conference on August 1, 1998, where cDc members presented it to attendees as a tool exposing weaknesses in Windows networking. It became freely downloadable from the cDc website on August 3, 1998, and spread rapidly through hacker communities and online forums: within days, over 35,000 copies had been downloaded from the cDc site alone, with further copies circulating through underground channels. The server was released as a binary without source code, though it included a plugin interface for extensions (source was published only for the UNIX client). cDc positioned Back Orifice as a tool for purposes such as remote administration, claiming that it showed how easy unauthorized access was under Windows' default configuration; Microsoft countered that the tool relied on a user-installed backdoor rather than any inherent platform flaw.

Evolution to Back Orifice 2000

Back Orifice 2000 (BO2K), the successor to the original Back Orifice, was announced and released on July 10, 1999 at DEF CON 7 by the Cult of the Dead Cow (cDc). Development was led primarily by cDc member DilDog, with contributions from Sir Dystic, the author of the original. Released as open source under the GNU General Public License, BO2K aimed to provide enhanced remote administration of Windows systems, building on feedback from the original's deployment. The key evolution was an extended modular plugin architecture, which let users add functionality such as strong encryption through plugins like CAST-256; this addressed the original's detectability, which stemmed from the trivially stripped password-keyed XOR obfuscation of its UDP traffic. The plugin system allowed encrypted TCP or UDP connections on configurable ports (defaulting to TCP 54320 or UDP 54321), improving flexibility and stealth. While the core remote-control capabilities were preserved, these changes made BO2K more adaptable for network administration and penetration testing. BO2K also supported clients on Unix systems as well as Windows, allowing cross-platform management of Windows servers (targeting 95/98 and NT). The server component remained Windows-only, but the modular design and multi-connection support improved usability without changing the fundamental client-server model.

Technical Details

Core Functionality

Back Orifice is a client-server tool targeting Windows 95 and 98. The server executable, once installed and run on the target machine, listens for inbound datagrams on UDP port 31337 by default. UDP was chosen because the packet filters of the time tended to inspect TCP ports more closely, but the choice gives no way past a filter that simply drops unsolicited inbound UDP, and in any case the server must first be placed and executed on the host, typically through social engineering or by bundling it with legitimate software. Core capabilities include keystroke logging to a file, file manipulation (viewing, copying, renaming, deleting and searching files), and uploading or downloading files between client and server. The tool can capture screenshots of the remote desktop, execute arbitrary programs or system commands, and perform system operations such as rebooting or locking the machine. If a microphone or other capture device is connected, it can stream sound from the target. Together these features permit comprehensive monitoring and manipulation, but all of them depend on the server having been installed first; none exploits a flaw in the operating system.

Installation Mechanisms and Server Operation

Back Orifice's server is deployed through social engineering: the user is induced to run a seemingly innocuous file, such as a game or utility, distributed in 1998 by e-mail attachment, download or physical media. When executed, the installer extracts the server executable, BOSERVER.EXE, typically into the Windows system directory (e.g. C:\Windows\System\), and configures persistence by adding an entry under HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run so that it launches at every startup. The installer then deletes itself to minimize forensic traces, leaving the server to start as a hidden background process with no visible indication to the user. In operation the server is a persistent listener bound to UDP port 31337 (31337 being hacker slang for "elite"), awaiting inbound datagrams from clients. Unless a password is configured (none is set by default), anyone who knows the victim's IP address and listening port can issue commands, which gives direct command-and-control over TCP/IP as soon as the host is reachable. The server processes incoming datagrams in a loop and executes each directive with full access to the machine, since Windows 9x has no privilege separation; it keeps resource usage low and avoids casual detection by registering itself as a system service process, which keeps it out of the Windows 9x task list. The registry entry re-establishes the server after every reboot, so access persists until it is manually removed or an antivirus scanner disrupts it.
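The installation described above leaves two host artifacts a responder can look for: the autostart value under the Run key (and, on Windows 9x, the RunServices key) and an executable dropped into the System directory under an innocuous name. The Python below is an added example written for this page, not part of Back Orifice or of any analysis the page cites: it parses a REGEDIT4-format export of those keys (the export text is constructed, including a whitespace-only file name of the kind a hidden server might use) and flags entries worth inspecting. The allowlist and the heuristics are assumptions chosen for illustration.

```python
"""Added example (not Back Orifice's code, not from the page's sources): triage of a
Windows 9x registry export for suspicious autostart entries. The .reg text, the
allowlist and the heuristics are constructed assumptions for illustration."""
import re

# Autostart keys consulted at boot/logon on Windows 9x (RunServices is 9x-specific).
AUTOSTART_KEYS = {
    r"HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN",
    r"HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUNSERVICES",
    r"HKEY_CURRENT_USER\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN",
}
EXEC_EXTS = (".exe", ".com", ".bat", ".pif", ".scr")
# Assumed allowlist of executables expected to autostart from <windir>\SYSTEM.
SYSTEM_ALLOWLIST = {"RUNDLL32.EXE", "SYSTRAY.EXE", "MSTASK.EXE"}

# Constructed REGEDIT4 export (what `regedit /e` wrote on Windows 9x); backslashes
# and quotes inside string values are escaped with a backslash in this format.
SAMPLE_REG = r'''REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SystemTray"="SysTray.Exe"
"ScanRegistry"="C:\\WINDOWS\\scanregw.exe /autorun"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices]
"LoadPowerProfile"="Rundll32.exe powrprof.dll,LoadCurrentPwrScheme"
"Default"="C:\\WINDOWS\\SYSTEM\\ .exe"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Patch"="C:\\WINDOWS\\SYSTEM\\README.TXT.EXE"
'''

_VALUE_RE = re.compile(r'^(?:"((?:[^"\\]|\\.)*)"|@)=("(?:[^"\\]|\\.)*")$')


def parse_reg_export(text):
    """Return {key: {value_name: string_value}} for the string values of each [key]."""
    keys, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line == "REGEDIT4":
            continue
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1]
            keys[current] = {}
            continue
        m = _VALUE_RE.match(line)
        if m and current is not None:
            name = m.group(1) if m.group(1) is not None else "(Default)"
            value = re.sub(r"\\(.)", r"\1", m.group(2)[1:-1])  # unescape \\ and \"
            keys[current][name] = value
    return keys


def resolve_image(command):
    """Recover the executable from a Run value the way CreateProcess resolves an
    unquoted command line: try successively longer space-delimited prefixes until one
    names an executable. Only this rule turns 'C:\\WINDOWS\\SYSTEM\\ .exe' into a file."""
    command = command.strip()
    if command.startswith('"'):
        end = command.find('"', 1)
        return command[1:end] if end > 0 else command[1:]
    parts = command.split(" ")
    for i in range(1, len(parts) + 1):
        candidate = " ".join(parts[:i])
        if candidate.lower().endswith(EXEC_EXTS):
            return candidate
    return parts[0]


def split_image(image):
    """Split 'C:\\DIR\\NAME.EXT' into (parent, basename, stem, ext) without touching the filesystem."""
    parent, _, basename = image.rpartition("\\")
    stem, dot, ext = basename.rpartition(".")
    if not dot:
        return parent, basename, basename, ""
    return parent, basename, stem, "." + ext


def suspicious_reasons(image):
    """Heuristics (assumed for this example) that single out an autostart image."""
    parent, basename, stem, _ = split_image(image)
    reasons = []
    if stem.strip() == "":
        reasons.append("whitespace-only file name")
    if "." in stem:
        reasons.append("double extension")
    if parent.upper().endswith("\\SYSTEM") and basename.upper() not in SYSTEM_ALLOWLIST:
        reasons.append("unlisted executable in the System directory")
    return reasons


def triage(reg_text):
    """Return [(key, value_name, image, reasons)] for autostart entries worth a look."""
    findings = []
    for key, values in parse_reg_export(reg_text).items():
        if key.upper() not in AUTOSTART_KEYS:
            continue
        for name, command in values.items():
            image = resolve_image(command)
            reasons = suspicious_reasons(image)
            if reasons:
                findings.append((key, name, image, reasons))
    return findings


if __name__ == "__main__":
    for key, name, image, reasons in triage(SAMPLE_REG):
        print("%s\\%s -> %r: %s" % (key, name, image, ", ".join(reasons)))
```

Running the script prints two findings from the constructed export: the RunServices value whose image name is a single space before .exe, and the double-extension executable in the System directory; the legitimate SysTray, ScanRegistry and LoadPowerProfile entries pass. The prefix-by-prefix resolution in resolve_image matters because a naive split on the first space would report the directory rather than the file and miss the whitespace-named server entirely.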

Client Interface and Control Features

The Back Orifice client comes as two Windows applications: boclient.exe, a text-based command-line tool for establishing connections and issuing commands, and bogui.exe, a graphical client providing visual menus and real-time feedback. Both connect to a server on a compromised Windows 95 or 98 system using the target's IP address and the configured UDP port, 31337 unless changed. Encryption, if enabled, requires the password that was set when the server was configured, and that password doubles as the only access control. Server parameters, including the disguised executable filename, listening port, encryption password and plugin loading options, are set with boconfig.exe before deployment, so an operator can tailor the backdoor for stealth and functionality without recompiling anything. Once connected, the client supports remote command execution, file enumeration, upload and download, and registry manipulation, letting the operator treat the target as an extension of the local system. Other capabilities include keystroke capture, screenshot grabs, and extraction of cached credentials such as RAS dial-up passwords. Drive access is simulated through directory browsing and file commands, so the operator can navigate and manipulate remote storage much as if it were locally mounted, though without a native Windows drive mapping. Analyses of the distributed binaries found these features consistent with Cult of the Dead Cow's stated purpose of remote administration, with no hidden payload beyond the documented backdoor.

Compatibility and Technical Limitations

Back Orifice's server ran only on the consumer-oriented Windows 95 and 98, relying on their lack of a privilege model: every process ran with full access, so the server needed no special rights to hook the system. It did not work on Windows NT-based systems without significant modification, because NT's protected kernel and security model prevented the low-level hooks it relied on. Client and server communicated over UDP, by default on port 31337, and the traffic was protected only by a password-keyed XOR obfuscation that was trivial to strip, so it was exposed to interception by the packet sniffers already common in network administration by 1998. The choice of UDP also made Back Orifice easy to block with early firewalls or routers configured to filter unsolicited UDP on non-standard ports, and easy to spot with simple pattern matching on the traffic. The connectionless nature of UDP made sessions unreliable as well: packet loss under load led to dropped commands, incomplete file transfers or delayed responses, though no contemporaneous benchmarks quantified typical latency. Antivirus vendors rapidly added signatures for the 123 KB server binary after its August 1998 release, further limiting its deployability on updated systems.
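The Core Functionality section above and this one describe why Back Orifice traffic was easy to detect even off its default port: a fixed marker at the start of every datagram and an XOR keystream seeded from a small password-derived key give a known-plaintext attack that recovers the key by brute force and then verifies the decrypted structure. The following Python is an added example written for this page, not Back Orifice's code and not its exact wire format; the marker string, the key schedule, the 16-bit seed space and the MSVC rand()-style LCG are assumptions of the model, and the sample datagrams are constructed.

```python
"""Added example (not Back Orifice's code and not its exact wire format): a model of the
design class the text describes, a fixed datagram marker plus an XOR keystream from a
small-state PRNG seeded by a password-derived integer, and the known-plaintext attack
that makes such traffic detectable. Marker, key schedule, seed size and PRNG are
assumptions; the LCG constants are those of the classic MSVC rand()."""
import struct

MAGIC = b"*!*QWTY?"             # assumed fixed 8-byte marker at the start of every datagram
LCG_A, LCG_C = 214013, 2531011  # MSVC rand() LCG constants, used as the model keystream PRNG
DEFAULT_SEED = 31337            # assumed seed used when the server runs without a password
KNOWN_PORTS = {                 # default ports named on this page
    ("udp", 31337): "Back Orifice default UDP port",
    ("tcp", 54320): "BO2K default TCP port",
    ("udp", 54321): "BO2K default UDP port",
}


def keystream(seed, n):
    """n keystream bytes from a 32-bit LCG: one output byte (bits 16..23) per state step."""
    state = seed & 0xFFFFFFFF
    out = bytearray()
    for _ in range(n):
        state = (state * LCG_A + LCG_C) & 0xFFFFFFFF
        out.append((state >> 16) & 0xFF)
    return bytes(out)


def seed_from_password(password):
    """Model key schedule: no password -> DEFAULT_SEED, otherwise fold the bytes into 16 bits.
    The small output space is the weakness the attack below exploits."""
    if not password:
        return DEFAULT_SEED
    s = 0
    for b in password.encode():
        s = (s * 33 + b) & 0xFFFF
    return s


def xor_stream(seed, data):
    """XOR data with the keystream; encryption and decryption are the same operation."""
    return bytes(d ^ k for d, k in zip(data, keystream(seed, len(data))))


def build_datagram(password, cmd_type, payload):
    """Model wire format: MAGIC | u32 LE total length | u8 command type | payload, then XORed."""
    length = len(MAGIC) + 4 + 1 + len(payload)
    body = MAGIC + struct.pack("<I", length) + bytes([cmd_type]) + payload
    return xor_stream(seed_from_password(password), body)


def recover_seed(datagram, seed_bits=16):
    """Known-plaintext attack: the first 8 plaintext bytes are always MAGIC, so the first 8
    keystream bytes are known; brute-force the seed space until the PRNG reproduces them."""
    if len(datagram) < len(MAGIC):
        return None
    wanted = bytes(c ^ m for c, m in zip(datagram, MAGIC))
    for seed in range(1 << seed_bits):
        if keystream(seed, len(MAGIC)) == wanted:
            return seed
    return None


def parse_datagram(datagram, seed):
    """Decrypt and parse; returns (cmd_type, payload), or None if marker or length is wrong."""
    plain = xor_stream(seed, datagram)
    if not plain.startswith(MAGIC) or len(plain) < len(MAGIC) + 5:
        return None
    (length,) = struct.unpack_from("<I", plain, len(MAGIC))
    if length != len(plain):
        return None
    return plain[len(MAGIC) + 4], plain[len(MAGIC) + 5:]


def classify(proto, dst_port, payload):
    """Per-datagram verdict a sensor could produce: the port heuristic first, then the
    content check, which still fires when the operator moves the server to another port."""
    reasons = []
    if (proto, dst_port) in KNOWN_PORTS:
        reasons.append(KNOWN_PORTS[(proto, dst_port)])
    seed = recover_seed(payload)
    if seed is not None and parse_datagram(payload, seed) is not None:
        reasons.append("keystream seed %d recovered, marker and length verified" % seed)
    return "; ".join(reasons) if reasons else "clean"


if __name__ == "__main__":
    # Constructed samples: a no-password ping on the default port, a passworded command
    # moved to a non-standard port, and an unrelated DNS-sized datagram.
    samples = [
        ("udp", 31337, build_datagram("", 0x01, b"")),
        ("udp", 6000, build_datagram("hunter2", 0x15, b"C:\\*.*")),
        ("udp", 53, b"\x12\x34\x01\x00\x00\x01\x00\x00\x00\x00\x00\x00"),
    ]
    for proto, port, data in samples:
        print("%s/%d -> %s" % (proto, port, classify(proto, port, data)))
```

Running the script prints one verdict per sample. The second datagram is caught although it was moved to port 6000, because the detector keys on content rather than port, and the 2^16 brute force finishes in well under a second per datagram in pure Python; that is the whole point of a 16-bit effective key behind a predictable header. The DNS-sized datagram stays clean because no seed reproduces the required keystream, and the length field gives a second check against chance matches.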

Reception and Immediate Impact

Hacker Community and DEF CON Demonstrations

At DEF CON 6, held August 1-2, 1998, members of the Cult of the Dead Cow (cDc) publicly demonstrated Back Orifice to a standing-room-only crowd, taking over Windows 95 and 98 test machines live over a network. The demonstrations showed keystroke logging, file access and screen capture by infecting volunteer systems and executing commands in real time, to underscore the remote-access weaknesses of Microsoft's consumer operating systems. In underground forums and mailing lists, Back Orifice was acclaimed as a proof of concept that exposed the opacity of the proprietary Windows architecture and allowed empirical scrutiny of its security without depending on vendor disclosures. Participants saw the release as a direct challenge to software monopolies, praising cDc's free distribution of the tool (and of the source for its UNIX client), which allowed peer verification of its mechanism, in contrast to closed-source products that obscured potential weaknesses. Hackers quickly produced modified versions, including client ports for Unix and Macintosh and altered server builds for testing in controlled environments, extending the tool's use in vulnerability research beyond its original Windows targets. These forks emphasized defensive analysis, such as logging infection vectors on university networks, rather than offensive deployment, in line with community efforts to document and mitigate similar backdoor risks.

Media Coverage and Public Awareness

Following its unveiling at DEF CON 6 on August 1, 1998, Back Orifice drew immediate attention from technology media, which often framed it as a potent threat to ordinary Windows users. Wired described the tool as enabling "malicious peeping Toms" to remotely monitor and control Windows 95 or 98 systems, emphasizing its potential for unauthorized surveillance and data theft. The New York Times reported the Cult of the Dead Cow's claim that the program exploited inherent Microsoft security weaknesses, positioning it as a direct challenge to consumer computing safety. Such portrayals, while pointing to real risks of remote-access abuse, amplified the public image of Back Orifice as an accessible "hacker weapon" able to infiltrate everyday PCs. Coverage also questioned its dual nature: a report on August 10, 1998 debated whether Back Orifice was a genuine danger or merely an educational demonstration, noting that its release prompted widespread experimentation among novices, with the concern that "every 14-year-old that wants to be a will try it." Wired reported on August 7 that the program was "spreading fast", with internet service providers confirming deployments, which fuelled online discussion and closer scrutiny of Windows. This visibility contributed to a broader dialogue on personal cybersecurity, as reports explained that the 123 KB server component had to be deliberately installed, usually through a Trojan horse, rather than propagating automatically through any operating system flaw.
Microsoft's response, Security Bulletin MS98-010, countered the hype by stating that Back Orifice exploited no inherent Windows flaw and required user-initiated installation on the target machine, a point echoed in analyses that debunked the idea of effortless, zero-interaction infection. These clarifications tempered the alarm and encouraged awareness of user responsibility and of the need for vigilance against disguised executables, raising baseline consciousness of the risk without overstating the tool's autonomous capabilities.

Controversies and Debates

Microsoft's Denial of Vulnerabilities

On August 4, 1998, Microsoft released Security Bulletin MS98-010, its official assessment of Back Orifice following the DEF CON 6 demonstration. The bulletin stated that "Back Orifice does not expose or exploit any security issue regarding Windows, Windows NT, or the Microsoft BackOffice suite of products", characterizing the tool as a user-installed application rather than an exploit of a systemic flaw. Microsoft argued that deploying Back Orifice required the target user to install the server first, typically disguised as innocuous software or delivered through social engineering such as file names whose extensions mimic safe formats (an .exe masquerading as a .txt). In the company's view the risk was behavioural, running untrusted binaries, rather than architectural, since Windows 95 and 98 offered no remote code execution path that bypassed user consent. No patch was issued for the operating system, as the analysis found no underlying code defect to fix. The bulletin also noted that Back Orifice did not run on Windows NT, as further evidence that there was no broad OS-level exposure, and recommended mitigations centred on user awareness and policy, including blocking unsigned executables and avoiding downloads from unknown sources. Reported Back Orifice incidents were consistent with this: infections overwhelmingly came from deliberate or deceived installation, not from automatic propagation through kernel or network-stack errors.

Ethical Concerns Over Dual-Use Technology

Back Orifice, released by the Cult of the Dead Cow (cDc) on August 1, 1998, is a dual-use tool: it offers capabilities for legitimate remote administration while equally enabling unauthorized intrusion. In controlled environments such as trusted internal networks it lets administrators execute commands, transfer files and monitor activity on Windows 95/98 systems, much like commercial remote-access software. cDc emphasized this use in Back Orifice 2000 (BO2K), released July 10, 1999, by open-sourcing the code under the GNU General Public License so that IT professionals could inspect and adapt it. However, the server installs stealthily without the user's consent, binds a listening port, and supports keystroke logging and password capture, features that inherently facilitate abuse beyond any authorized context. Critics pointed to the risk of empowering unskilled attackers, or "script kiddies", by providing a ready-made, user-friendly interface for intrusion that required no deep technical expertise. Documented malicious deployments followed, including an outbreak on a U.S. university's residential network in February 2001, where Back Orifice spread through shared files disguised as media or games and gave the attacker control of multiple student machines. Such incidents, often involving binders like Silk Rope that wrapped the server inside another program, showed how the tool served as a foothold for sustained access and file theft, with plugins like Butt Trumpet announcing each newly infected host to the attacker by e-mail and, in that incident, generating enough SMTP traffic to burden mail servers. These abuses reinforced the concern that dual-use tools democratize harm, especially when repackaged by others for wider distribution. In its defence, cDc argued that transparency in tool design produces stronger defences by exposing flaws in systems like Windows, which it criticized for fostering a false sense of security.
By making the source code public, BO2K invited community verification and improvement, in contrast to closed ecosystems that delay disclosure; cDc member Deth Vegetable argued that this approach builds trust, since "it's a lot easier to trust something you can look at." cDc maintained that the release compelled Microsoft to address systemic weaknesses and that long-term security awareness outweighed the short-term risk of misuse, a view that assumes users will deploy the tool ethically, a premise challenged by the observed trojan integrations.

Accusations of Malicious Intent Versus Security Demonstration

The Cult of the Dead Cow (cDc) presented Back Orifice explicitly as a tool to expose inherent security flaws in Windows 95 and 98, stressing that it was a utility and not self-propagating malware. The developers pointed out that the software had to be deliberately installed on the target machine and had no replication mechanism of the kind a virus has, consistent with their goal of pushing Microsoft to address undocumented backdoors and weak protocols. This framing was reinforced at DEF CON 6 on August 1, 1998, where live demonstrations of unauthorized remote access (file manipulation, keystroke logging) were used to illustrate the risk of unprotected systems rather than to facilitate indiscriminate attacks. Critics, including Microsoft spokespeople, accused cDc of fear-mongering, arguing that releasing such potent code undermined consumer trust in Windows without offering a constructive fix and served an anti-corporate agenda more than genuine advocacy. Security firms analysing trojan horses labelled Back Orifice a high-risk backdoor enabling unauthorized control, and some observers dismissed the "demonstration" rationale as cover for enabling mischief, given how easily it could be adapted for covert surveillance or data theft. Microsoft countered that the weaknesses Back Orifice relied on came from user error, such as running untrusted executables, rather than systemic flaws, and downplayed the tool's novelty by noting that it used existing APIs and introduced no new exploit. These accusations gained traction with reports of rapid dissemination, tens of thousands of downloads within days (from 35,000 from the cDc site alone to over 100,000 overall, depending on the report), raising fears of widespread weaponization against corporate and home users.
Controlled tests partly validated cDc's demonstration claims: the verified control features showed that Windows offered no endpoint authentication by default, prompting discussion of the need for firewalls and timely patching. Documented misuse also substantiated the malicious potential: a 2002 GIAC analysis described an incident in which Back Orifice, with plugins such as Butt Trumpet, infected multiple hosts on a university network, the unauthorized access being traced through network logs and requiring forensic cleanup. U.S. federal assessments in October 1999 similarly warned that malicious actors were deploying Back Orifice 2000 for monitoring and tampering, and agencies watched for its use outside research contexts. While cDc advocated ethical use for penetration testing, the tool's dual-use nature, evident both in proofs of concept and in exploitation in the wild, kept the debate alive; there is no evidence of cDc-orchestrated attacks, but ample evidence of third-party abuse that contrasts with the intended vulnerability disclosure.

Long-Term Legacy

Influence on Remote Access Tools and RATs

Back Orifice established foundational concepts for remote access trojans (RATs) by demonstrating persistent, unauthorized control of Windows systems through a user-friendly graphical client and network-delivered commands, paving the way for more advanced derivatives. Released in mid-1998, it popularized keystroke capture and screen monitoring, features directly emulated by SubSeven, launched in October 1999 by the developer Mobman, who described SubSeven as a "clone" of Back Orifice. SubSeven kept the core functions (remote desktop viewing, file system access, registry manipulation) while improving stealth through better process hiding, reflecting Back Orifice's influence on evolving evasion tactics. The 1999 release of Back Orifice 2000 (BO2K) advanced the lineage with a modular plugin system for custom payloads and communication protocols, an architecture later adopted by RATs like SubSeven for flexible server operation and notification. That architecture inspired stealth enhancements in subsequent RATs, such as encrypted UDP traffic and polymorphic behaviour to bypass early network filters, contributing to the shift from rudimentary backdoors to sophisticated, modular RATs capable of long-term persistence. Back Orifice's high-profile debut also prompted antivirus vendors to add specific signatures within months of its release, an early step in trojan-focused defences; free and commercial scanners were tracking BO variants by the early 2000s, and the industry moved toward behavioural heuristics to catch similar patterns in emerging RATs. This reactive evolution underscored Back Orifice's role in catalysing RAT mitigation, even as it accelerated adversarial innovation in the evasion techniques seen in post-1998 strains.

Contributions to Cybersecurity Practices

The demonstration of Back Orifice at DEF CON 6 in August 1998 showed how easily remote control of a Windows system could be obtained without authentication, raising awareness of network-based attack vectors and prompting recommendations for defensive measures such as firewalls. Security advisories of the time noted that a properly configured firewall blocked the inbound UDP datagrams Back Orifice needed, neutralizing it, and firewall deployment became a standard practice for protecting exposed systems; this guidance helped bring personal and enterprise firewalls into routine configurations in the late 1990s as organizations segmented networks and restricted unsolicited traffic. Because Back Orifice's distribution usually disguised the installer as innocuous software, it also underscored the risk of running unverified executables from unknown sources, an early driver of user education on safe software handling. Incident responses to Back Orifice infections led to protocols for traffic monitoring and trojan detection, improving scanning and log analysis for persistent threats, and promoted routine use of antivirus tools with behavioural heuristics and network intrusion detection systems tuned to anomalous patterns. In the longer term, Back Orifice exemplified the dual-use nature of remote-access technology and informed standards that require authentication and encryption in legitimate tools so that they cannot be turned into unauthorized persistence. By illustrating the danger of unauthenticated remote services, it influenced community discussion of auditing software for hidden risks and of transparency mechanisms such as code review and disclosure as complements to closed-source trust. This legacy reinforced the principle of defence in depth, in which layered controls from input validation to access control became integral to secure system design.

Criticisms of Windows Security Model

Back Orifice's functionality exposed fundamental weaknesses in the Windows 9x security model: every process ran with unrestricted access and there were no mandatory access controls, so a single trojan installation compromised the entire system with no further escalation. Unlike contemporary Unix systems, which enforced user-level permissions and process isolation to limit the damage a compromised component could do, Windows 95 and 98 were designed for single-user desktops and prioritized usability, with no effective inbound network filtering or safeguards by default. Once deployed, a tool like Back Orifice therefore ran unchecked; the operating system presented no systemic barrier to lateral movement or persistence. The tool's spread fuelled the argument that Microsoft's near-monopoly in consumer operating systems in the late 1990s bred complacency, reducing the competitive pressure to ship proactive features such as a built-in firewall or audited code paths, which were more common in the fragmented Unix ecosystem. Post-release analyses contended that a dominant market position insulated the vendor from accountability, since users faced high switching costs, delaying any incentive to harden defaults against common vectors like unauthorized executables. The closed-source architecture compounded the verification problem by preventing independent researchers from scrutinizing core components for latent flaws of the kind tools like Back Orifice relied on, in contrast to open-source alternatives that could be audited. This opacity sustained the criticism that closed-source models hindered identification of systemic risk, and the call for market diversity to compel verifiable improvements.
While Back Orifice amplified calls for vendor-led hardening, it also reinforced the view that user responsibility mattered: infection data attributed most Windows compromises to behavioural lapses such as opening malicious attachments rather than to unpatched kernel defects, since trojans bypass technical defences through social vectors. Contemporary estimates put over 90% of threats down to e-mail attachments or user-executed payloads, suggesting that the model's flaws were exacerbated by inadequate user education rather than being solely architectural.
