Amid great fanfare, pounding techno music and the screeching of Cult of the Dead Cow (cDc) member Grandmaster Ratte, the cDc released BackOrifice 2000 (BO2K) here at DefCon.
Before a room packed with attendees, 19 cDc members cheered the crowd, threw out T-shirts, and put images of communists such as Chairman Mao on a giant screen projection, all to promote the release of their "remote administration tool" for use with Microsoft Windows NT systems.
Away from the conference, Symantec announced on Monday that it has posted a virus definition to protect against what it terms the "BackOrifice 2000 Trojan horse".
"Never in history has a single hacking tool gotten so much attention," said a member of the DefCon audience who wished to be unnamed.
The cDc, a group of hackers, crackers, and programmers, last year released BackOrifice, a remote administration tool that could also be used to gain illicit control and access to unknowing users' Windows 95 and Windows 98 machines. The latest version, BackOrifice 2000, now provides support for Windows NT, as well as new plug-ins, such as BOPeep, BOTools, BOSock32, BOChat, and BOScript.
Garnering "oohs" and "ahhs" from those gathered, BO2K creator, code-named Dildog, listed functions of BO2K, such as HTTP file support for Network Neighborhoods, support for "legacy" BackOrifice programs, and the applications footprint of 113 K.
"But the real winner here has really been the plug-in interface," said Dildog, who demonstrated BOPeep's capability to take remote control of a user's keyboard and mouse, and BOTools, which "provides a remote file browser and resets editor plug-ins".
Though BackOrifice and now BO2K can be used for malicious means by planting a Trojan horse in systems to gain surreptitious access, Dildog and the cDc continue to contend the real benefits of the system are remote administration and showing Microsoft the potential flaws in the company's security model.
"I know that the last version of BackOrifice was convenient to put in Trojan horses," said Dildog. "But we don't want you to be afraid of [BO2K]; we want you to use it."
"The problem is a fundamental issue with the way Microsoft does things. We want Microsoft to change its ways," said cDc member Deth Veggie. "The lack of a security model for Windows 95 is the most terrifying thing for corporations."
The cDc is also releasing BO2K as open-source code under GPL (GNU Public License), which allows users to utilise and alter the code for their own means, but not to resell it. The group also wants to settle fears of secret access being enabled within the system.
"Last year we released BackOrifice and it wasn't open source and people were saying there might be a back door in it," said Deth Veggie.
Microsoft, however, is taking the stance that BO2K is a virus and a threat, and is warning users about the group.
"There is an attempt here, as part of these silly games that they play, to make it look like this is a real product. It's unfortunate that these guys really view this as a game. They are really playing a game with the users," said Jason Garms, lead product manager for Microsoft Windows NT security. "People are taking threats very seriously. You are seeing an increase even over last year in the general IT industry and so forth. But these guys have set a precedence with how malicious they were willing to be last year."
Symantec, responding to the release of BackOrifice 2000, has posted for Norton AntiVirus software users a virus definition set to protect against B02K. The definition set is available through Symantec's LiveUpdate or at the Symantec Web site at http://www.symantec.com/avcenter/download.htmlThe public displays and media attention in which the cDc have revelled have also turned some of their fellow DefCon attendees against them.
"They're kind of too arrogant for their own good," said a 16-year-old attendee from Ohio, code-named Cirrus. "Whenever [the cDc has] been proven right about Microsoft, they've tried to get Microsoft to eat their words. It's fine if they want to push a point, but I think they've been pushing too long."
BackOrifice 2000 was slated for release for free at http://www.bo2k.com on Tuesday, according to Dildog.http://www.cultdeadcow.com http://www.microsoft.comhttp://www.symantec.com