This article needs additional citations for verification. (October 2016) (Learn how and when to remove this template message)
Back Orifice (often shortened to BO) is a computer program designed for remote system administration. It enables a user to control a computer running the Microsoft Windows operating system from a remote location. The name is a play on words on Microsoft BackOffice Server software. It can also control multiple computers at the same time using imaging.
|Developer(s)||Sir Dystic (cDc)|
1.20 / August 3, 1998
|Operating system||Microsoft Windows,|
UNIX-systems (client only)
(source distribution, UNIX client)
|Website||Back Orifice Homepage|
Back Orifice has a client–server architecture. A small and unobtrusive server program is on one machine, which is remotely manipulated by a client program with a graphical user interface on another computer system. The two components communicate with one another using the TCP and/or UDP network protocols. In reference to the Leet phenomenon, this program commonly runs on port 31337.
The program debuted at DEF CON 6 on August 1, 1998 and was the brainchild of Sir Dystic, a member of the U.S. hacker organization Cult of the Dead Cow. According to the group, its purpose was to demonstrate the lack of security in Microsoft's operating system Windows 98.
Although Back Orifice has legitimate purposes, such as remote administration, other factors make it suited for less benign uses. The server can hide from cursory looks by users of the system. Since you can install the server without user interaction, it can be distributed as the payload of a Trojan horse.
For those and other reasons, the antivirus industry immediately categorized the tool as malware and appended Back Orifice to their quarantine lists. Despite this fact, it was widely used by script kiddies because of its simple GUI and ease of installation.
Two sequel applications followed it, Back Orifice 2000, released in 1999, and Deep Back Orifice by French Canadian hacking group QHA.
- Richtel, Matt. "Hacker Group Says Program Can Exploit Microsoft Security Hole," The New York Times August 4, 1998. Retrieved April 24, 2007.
- "Information on Back Orifice and NetBus". Symantec. Retrieved 8 February 2013.
- Knudsen, Kent (April 5, 2002). "Tracking the Back Orifice Trojan On a University Network" (PDF). sans.org. p. 7. Retrieved April 20, 2018.
The server normally binds to UDP port 31337, but it may be configured to use another port.