What Does Back Orifice Mean?
Back Orifice (BO) is a remote administration system that allows a user to remotely take full control of a computer running the Microsoft Windows operating system (OS) across a TCP/IP connection, through either a simple console or a graphical user interface (GUI).
BO actually gives the remote operator more control of the machine, over a local area network (LAN) or through the Internet, than the person sitting in front of the computer has. The program is quite controversial: it was developed to demonstrate the lack of security in the Windows 98 OS, and although it has a legitimate purpose, like remote administration, it has all the capabilities needed by hackers.
The name is a play on the name of Microsoft's BackOffice Server software.
Techopedia Explains Back Orifice
BO was developed by American hacker Josh Buchbinder, also known as Sir Dystic, to expose the lack of security in Windows 98.
The application came in the form of a remote administration system that is remotely installed without user interaction and does not show up in the task manager panel, so it cannot be killed. It restarts itself each time the OS starts. The system's client side is installed on another computer, from which the administrator can take control of the remote computer.
BO has the following capabilities:
- System control: Allows the administrator to remotely log keystrokes or lock/reboot the machine. It can get detailed machine information, including access to all drives and passwords saved or cached by the OS or user.
- File system control: Allows total control of the file system, from copying, modifying, locking and deleting files to compression and decompression.
- Process control: Spawns or kills processes at will.
- Multimedia and application control: Controls any multimedia device, such as the computer's webcam or microphone, plays audio/video (A/V) files, takes screenshots and more.
- Network control: Functions as an integrated packet sniffer, allowing the monitoring of data, logs and any passwords, and can redirect any incoming packet on any port to any other port or address.
Even with a legitimate purpose like remote administration, the server hides itself from the system and can be distributed as the payload of a Trojan horse. Because of this, the antivirus industry categorizes the tool as malware, and antivirus software immediately quarantines it.