By Paulo Sergio Abreu da Costa Barroso
E-mail: pscosta@zipmail.com.br
URL http://ppessoa.zaz.com.br/paginas/poapscosta00.htm
Back Orifice is one new threat among the many challenges that Internet security analysts and designers are currently facing. Many reports describe the use of this software to interfere with and/or damage computer systems connected to the Web. A quick search led me to discover that Back Orifice was named to deliberately recall the Microsoft Back Office suite of applications, and that it was developed by a group of crackers (in simple words, destructive and/or malicious computer hackers) called The Cult of the Dead Cow. The software, which is made up of several tools that perform more than 30 different tasks, was officially announced at the Black Hat Briefings Conference in Las Vegas, Nevada, USA. It makes it possible for anyone to scan and/or intercept and decode data exchanged between Microsoft Windows NT servers, and/or to take total control of Windows '95/'98 based computer systems, through the Internet connection those systems use. Back Orifice commonly occupies 120 to 126 KB and is generally found in the windows\system subdirectory with a May 11, 1998 date stamp. The creation and use of this software means that breaking system security is no longer the privilege of a small group of highly qualified and specialized system analysts, programmers, hackers or crackers; anyone can take total control of almost any machine connected to the Internet. It is easy to understand why anyone who is used to navigating the seas of information on the Web is simply terrified by the dangerous possibilities of this software.
The program can carry out important operations such as: total access to all user and/or system passwords, including the BIOS password; permission to create, alter and delete folders, directories and files; and it also allows its operator to perform vital tasks such as remote system reboot, hard drive/disk formatting, and file download and/or upload, among many other critical functions that can easily be used to spy on and/or interfere with a system's normal operation. Ironically, anyone who uses this powerful tool to spy on and/or interfere with another Internet-connected system is not safe either, because installing and using the Back Orifice server components on a machine also opens a broad gate through which one's own system can be attacked. Fortunately some antidotes are being released on the Internet and can easily be used to prevent and/or monitor the constant growth of this tool's use. It has already been reported that a victim computer can be infected by executable files that are downloaded or arrive as e-mail attachments, by FTP, and/or by Java applications that are sometimes started automatically while visiting some Internet sites. Unfortunately, most of the time this installation happens without the user noticing, and once it is activated, the user of the victim computer may not even notice that the system is no longer under his/her complete control. Although much effort has gone into finding an effective way to eliminate the dangers brought by Back Orifice, Dave Murphy, membership director of ITrain, the International Association of IT Trainers, said: "Until a reliable response to the Back Orifice threat is available, email users should be vigilant about not opening email attachments received from unknown or unexpected sources". Back Orifice has been so harmful that even Microsoft is creating a group to react to this cracker tool.
Meanwhile, Internet users can take some actions to verify whether their systems have been infected and to get rid of any Back Orifice interference. There are many effective freeware programs able to detect and remove Back Orifice components that may be installed on your machine. Once you have downloaded these safety tools, all you need to do is run them periodically. An alternative way to check whether Back Orifice client components are installed on your computer is to use the Windows '95 file search, reached by clicking the sequence (Start / Find / Files and Folders). Click on the 'Advanced' tab and set it to search for files containing the following sequence: "bofilemapping" (without the inverted commas). Any file listed when the search finishes may have malicious contents and should be erased immediately. Another way to check your system is to click the sequence (Start / Run) on Windows '95 systems and type "command /k netstat -n" (again without the inverted commas), which opens a window listing the ports currently open on the system. Back Orifice commonly uses port 31337, but any value greater than 3000 may warrant a detailed investigation and may indicate hacker activity. Although the Back Orifice server and client components have a default configuration and naming, alterations to these parameters have already been reported. This is done to prevent the components from being detected, making them harder for the user to eliminate and/or notice. Thus, even when detection and removal antidotes are in common use among Internet users, their results may not represent a safe system condition. Among the many reported modifications, the most common ones are changes to the installed file names and/or the default installation directories.
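The two manual checks above (searching files for the "bofilemapping" string, and reading the open-port list from netstat -n for port 31337 or ports above 3000) can be scripted so they run the same way every time. The following Python script is an added example and is not code from the original article or from any Back Orifice detection tool; the sample netstat output and the test files it creates are constructed here, and the netstat parser assumes the Windows column layout (Proto, Local Address, Foreign Address, State) that the article's command produces.

```python
import os
import re
import tempfile

# Marker string the article says to search for inside files.
BO_MARKER = b"bofilemapping"
# Port the article names as Back Orifice's usual port, and the threshold it
# gives for closer inspection.
BO_DEFAULT_PORT = 31337
SUSPICIOUS_PORT_THRESHOLD = 3000


def find_marker_files(root, marker=BO_MARKER):
    """Walk `root` and return the paths of files whose contents contain `marker`.
    Files are read in binary mode so the search also works on executables."""
    hits = []
    for dirpath, _dirnames, filenames in os.walk(root):
        for name in filenames:
            path = os.path.join(dirpath, name)
            try:
                with open(path, "rb") as fh:
                    if marker in fh.read():
                        hits.append(path)
            except OSError:
                continue  # unreadable file: skip it rather than abort the scan
    return sorted(hits)


# Matches one connection line of Windows `netstat -n` output (assumed layout):
#   TCP    192.168.0.5:1025       192.168.0.1:80         ESTABLISHED
NETSTAT_LINE = re.compile(r"^\s*(TCP|UDP)\s+(\S+):(\d+)\s+(\S+)\s*(\S*)", re.I)


def parse_netstat(output):
    """Parse netstat -n style text into (protocol, local_port, state) tuples.
    Header lines such as 'Active Connections' do not match and are ignored."""
    entries = []
    for line in output.splitlines():
        m = NETSTAT_LINE.match(line)
        if m:
            proto, _local_addr, port, _remote, state = m.groups()
            entries.append((proto.upper(), int(port), state))
    return entries


def flag_ports(entries):
    """Apply the article's heuristic: the Back Orifice default port is flagged
    outright, and any other local port above the threshold is flagged for
    investigation. Returns a list of (port, reason) pairs."""
    flagged = []
    for _proto, port, _state in entries:
        if port == BO_DEFAULT_PORT:
            flagged.append((port, "Back Orifice default port"))
        elif port > SUSPICIOUS_PORT_THRESHOLD:
            flagged.append((port, "high port, investigate"))
    return flagged


# Constructed sample of what the article's netstat command might show on an
# infected machine; the addresses and ports are made up for this example.
SAMPLE_NETSTAT = """Active Connections

  Proto  Local Address          Foreign Address        State
  TCP    192.168.0.5:1025       192.168.0.1:80         ESTABLISHED
  TCP    192.168.0.5:139        192.168.0.7:1028       ESTABLISHED
  UDP    192.168.0.5:31337      *:*
"""


def demo_scan():
    """Build a constructed directory holding one file that carries the marker
    and one clean file, run the file scan, and return the flagged base names."""
    with tempfile.TemporaryDirectory() as root:
        with open(os.path.join(root, "suspect.exe"), "wb") as fh:
            # Fake executable header plus the marker somewhere in the body.
            fh.write(b"MZ\x90\x00" + b"\x00" * 16 + BO_MARKER + b"\x00" * 16)
        with open(os.path.join(root, "readme.txt"), "wb") as fh:
            fh.write(b"nothing to see here\n")
        return [os.path.basename(p) for p in find_marker_files(root)]


if __name__ == "__main__":
    print("files containing marker:", demo_scan())
    for port, reason in flag_ports(parse_netstat(SAMPLE_NETSTAT)):
        print(f"local port {port}: {reason}")
```

Two caveats follow directly from the article itself. The marker search only catches a server whose files still contain the string, so a renamed or modified build (the article notes such alterations have been reported) can slip past it, and the port heuristic is only as good as the page's threshold: ordinary outbound connections also use local ports above 3000, so anything the script flags is a candidate for a closer look, not a confirmed infection.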
There is another important point to consider. Even if Back Orifice components are detected and eliminated by downloaded detection/removal software, it takes the system more than 10 minutes to complete this hard task, which is more than enough time for a successful intrusion. The Back Orifice documentation may be considered quite technical for an average computer user, and besides that, it does not contain all the information someone needs to get the most out of the software package. Ordinary functions include searching for machines that have Back Orifice server components running; viewing and downloading all or part of the contents of the hard disk; uploading files; monitoring what the user at the victim computer is typing; and, probably one of the most dangerous, total access to the passwords stored on a machine. Back Orifice servers can easily be found by typing the value of a subnet in the corresponding field of the window displayed by the program, or by opening Notepad, making a list of IP subnets, and then pressing the ping button in the lower left of the window or entering the file name in the text box. Back Orifice will sweep all the subnets in the list, and a message is automatically displayed when it detects a machine running server components. To conclude, it is easy to see that there will be many dangers while we navigate the Internet; thus, once more, it is very important to keep Internet security procedures and planning always updated and effective, in order to keep our connection safe and reliable.