
BEWARE OF BACK ORIFICE 2000 TROJAN

BO2K is a hacker agent that allows the computer to be remotely controlled by another user. It was created by the Cult of the Dead Cow hackers group in July 1999. It works on Windows 95, 98 and Windows NT platforms. Two versions of this Trojan are available: one designed for the USA and an international version.

BO2K uses UDP or TCP protocols and XOR or TripleDES encryption algorithms. The source code of this Trojan has also been made public, allowing hackers to modify the software. This Trojan contains the executables named "bo2k.exe", "bo2kcfg.exe", "bo2kgui.exe" and a plug-in "bo_peep.dll".

Like its previous versions, the Back Orifice 2000 backdoor has two major parts: a client and a server. The server part must be installed on a computer system before the client part can gain access to it. The client part connects to the server part over the network and is used to perform a wide variety of actions on the remote system. The client part has a dialog interface that eases the process of hacking the remote computer.

[Screenshot of the client part]

The server, i.e. the part of the program that installs itself on the victim computer, is fully configurable. It is now possible to define the following parameters, among others:

  • The ports used to access the computer that will act as the server.
  • The passwords used by the client to access the server.
  • The type of encryption used (XOR or TripleDES).
  • The network protocol used (UDP or TCP).

Among the 70 commands that can be remotely executed are the following:

  • Hide server activity: used to make Trojan activity invisible to the infected user.
  • Delete original exe file, which improves stealth.
  • Hide server process.
  • Change server process name.
  • Change the process name of the remote administration service.
  • Reboot remote machine.
  • Lock-up Machine.
  • List user passwords.
  • Get info on remote machine: OS, memory, processor...
  • Start or stop a process.
  • Modify Windows' Registry.
  • Find, copy, rename, modify, save, delete, send, get and read files and directories.
  • Open/Close remote server.
  • List, load and delete BO2K plug-ins.

How can I protect my system?

Fire has incorporated BO2K into its virus signature file, with the aim of helping users affected by this Trojan attack to detect and eliminate it from their systems. Fire anti-virus users can update this signature file from our web site. A free utility to detect and clean this virus is also available in the Download Center.
