What Customers Should Know About "BackOrifice 2000"

7/8/99
Source: http://www.microsoft.com/security/bulletins/bo2k.asp

"BackOrifice 2000" (BO2K) is a malicious program that is expected to be released on or about July 10, 1999. Customers can protect themselves by following normal safe computing practices. Although the software has not yet been released, Microsoft is closely monitoring the situation and is committed to providing information that will let customers understand and protect themselves against it when it becomes available. Following are frequently asked questions about the program.

What is BO2K?
BO2K is a program that, when installed on a Windows computer, allows the computer to be remotely controlled by another user. Remote control software is not malicious in and of itself; in fact, legitimate remote control software packages are available for use by system administrators. What is different about BO2K is that it is intended to be used for malicious purposes, and includes stealth behavior that has no purpose other than to make it difficult to detect.

What's the danger from it?
When BO2K is installed on a computer, the attacker can do anything that the user at the keyboard could do. This includes running programs, creating or deleting files, sending and receiving data, and so on.

How would it get onto my computer?
Like any computer program, BO2K must be installed on the target machine. BO2K cannot be "injected" onto your machine. There are only two ways it can be installed:
- By giving the attacker physical access to your logged-on computer. If the attacker learns your password or you leave your logged-on workstation unattended, he or she can install BO2K on your machine.
- By tricking you into installing the software. This is known as a "Trojan horse" technique. The attacker might send you an email attachment that claims to be a game but which really installs BackOrifice.

How do I prevent having BO2K installed on my machine?
You don't need to take any extraordinary precautions. Just follow normal safe computing practices:
- Never share your password, and always lock your computer when you walk away from it.
- Never run software from untrusted sources.
- Always keep your anti-virus and other security software up to date.

If it's on my machine, how do I get it off?
The makers of anti-virus and intrusion detection software are standing by awaiting its release, and are poised to quickly develop software that will detect and remove BO2K. Microsoft is working closely with them to assist in this process. When BO2K's predecessor was released, defenses were available within days, and the same is likely to happen with this release.

Does BO2K exploit any security vulnerabilities in Windows or Windows NT?
No. Programs like BO2K could be written for any operating system; this one just happens to have been written to run on Windows and Windows NT. On any operating system, if you choose to run a program, it can do whatever you can do. And if you can be tricked into running a destructive piece of software, it can abuse that capability by erasing data, changing information, or allowing someone else to give it commands. Trojan horse software doesn't target technology, it targets the user. If BackOrifice did in fact exploit security vulnerabilities in Windows or Windows NT, Microsoft would promptly fix the vulnerability, and BackOrifice would be stopped. Instead, the makers of BackOrifice realized it is easier to target people and trick them into running harmful software than it is to target the technology.

Is BO2K like the Melissa virus?
Only in the sense that both were Trojan horse programs that performed malicious actions, and neither exploited any security vulnerabilities in Microsoft products.

What is Microsoft doing about BO2K?
Microsoft is closely monitoring the situation, and is committed to helping customers have a safe, enjoyable computing experience. Microsoft security experts are standing by, and when the software is released, they will determine exactly how it works and what measures can be taken to protect against it. Microsoft has worked with other members of the security community—especially anti-virus vendors, intrusion detection software vendors, and makers of mobile code security products—and is working closely to ensure that software to detect and remove BO2K is available as soon as possible. Microsoft will provide information to customers about the program as more details are known.

© 1999 Microsoft Corporation. All rights reserved.