ISS Decodes New Hacker Threat, Back Orifice 2000.ATLANTA--(BUSINESS WIRE)--July 12, 1999-- ISS ISS See Institutional Shareholder Services (ISS). X-Force First to Research Program and Develop Countermeasures to Detect Back Orifice A program that installs itself on a Windows machine as a server, allowing a cracker with the client counterpart to manipulate the machine more completely than the user at the keyboard. It can come in the form of a Trojan or ActiveX control. 2000 Network and System Intrusions Internet Security ''This article or section is being rewritten at Internet security is the process of protecting data and privacy of devices connected to internet from information robbery, hacking, malware infection and unwanted software. Systems (ISS) (NASDAQ NASDAQ in full National Association of Securities Dealers Automated Quotations U.S. market for over-the-counter securities. Established in 1971 by the National Association of Securities Dealers (NASD), NASDAQ is an automated quotation system that reports on : ISSX ISSX Internet Security Systems Inc. (stock abbreviation, AMEX) ) today announced that in less than 24 hours its X-Force research team has decoded the protocols and encryption algorithms contained within the latest threat to networks and PCs, Back Orifice 2000 (BO2K (Back Orifice 2000) See Back Orifice. ). Initially released in Las Vegas Las Vegas (läs vā`gəs), city (1990 pop. 258,295), seat of Clark co., S Nev.; inc. 1911. It is the largest city in Nevada and the center of one of the fastest-growing urban areas in the United States. at DefCon on Saturday night, this new "backdoor See trapdoor. " or "Trojan Horse See Trojan. Trojan Horse hollow horse concealed soldiers, enabling them to enter and capture Troy. [Gk. Myth.: Iliad] See : Deceit (application, security) Trojan horse " software program developed by hacker organization, Cult of the Dead Cow CULT OF THE DEAD COW, also known as cDc or cDc Communications, is a computer hacker and DIY media organization founded in 1984 in Lubbock, Texas. The group maintains a weblog on its site, also titled "CULT OF THE DEAD COW". , can be used to gain unauthorized access to and control of Microsoft Windows See Windows. (operating system) Microsoft Windows - Microsoft's proprietary window system and user interface software released in 1985 to run on top of MS-DOS. Widely criticised for being too slow (hence "Windoze", "Microsloth Windows") on the machines available then. and Windows NT-based PCs and networks. X-Force Research Findings Back Orifice 2000 is a new version of Back Orifice -- a backdoor program not a virus-- initially publicly released in July 1998 (http://xforce.iss.net/alerts/advise5.php3). Designed to be invisible to its victims, Back Orifice 2000 can be extremely harmful to end-users. Unlike a virus, BO2K is not self-replicating and must trick users into installing the program. Once installed it can easily be used to perform unauthorized actions without knowledge of the user. For example, BO2K can delete files, reconfigure machines, steal passwords, and redirect network traffic. Although BO2K can be viewed as a remote monitoring (protocol) remote monitoring - (RMON) A network management protocol that allows network information to be gathered at a single computer. Whereas SNMP gathers network data from a single type of Management Information Base (MIB), RMON 1 defines nine additional MIBs that provide a tool, its main purpose is to gain unauthorized control over another machine for reconfiguration and data collection. The features of this program, combined with the anonymous and malicious control of machines makes it especially dangerous in a networked environment. Industry Collaboration to Fight the Threat "ISS is taking a very proactive role in sharing its X-Force research findings for the greater protection of the entire industry with Microsoft, security research organizations and anti-virus and intrusion detection See IDS and IPS. vendors," said Christopher Rouland, director of ISS' X-Force security research team. "However, like with any threat, organizations can take a proactive role in managing their risk and protecting their networks. Implementing an intrusion detection system This article is about the computing term. For other uses, see Burglar alarm. An intrusion detection system (IDS) generally detects unwanted manipulations of computer systems, mainly through the Internet. like RealSecure will be critical as it can uniquely guard the network perimeter and identify if someone is trying to execute a backdoor program against a particular machine." Rouland added, "ISS is also developing a Flex Check for our Internet Scanner product for added network detection of BO2K." Jason Garms, lead product manager for Windows NT security at Microsoft added, "We value our continuing relationship with ISS, and are pleased with its quick sharing of information about BO2K with the industry. Like ISS, we understand the seriousness of this threat, but are confident that widespread awareness coupled with the proper countermeasures and safe computing practices will provide organizations with a continued safe computing experience." The ISS X-Force research indicates that the installation of BO2K is a dangerously simple process. Comprised of two parts: client and server, a BO2K controller executes a server application and immediately installs the program on an unsuspecting machine. This executable is originally named "bo2k.exe", but can be renamed. Once installed, a BO2K controller has access to over 70 commands contained within Back Orifice. These commands can be used to gather information and send various instructions to the server. BO2K Protection ISS is rapidly developing critical countermeasures for its customers within its leading intrusion detection system, RealSecure, as well as its Internet Scanner, vulnerability management solution. Network vulnerability and intrusion detection is critical for detecting and terminating backdoor programs by going beyond traditional anti-virus software to detect the presence of this backdoor on a system, as well as connection attempt outside of a network. In addition, ISS urges users to take the following important computer safety precautions: -- Do not open e-mail attachments, especially from non-trusted sources, -- Do not accept files from Internet Chat Systems as they inherently introduce vulnerabilities; and -- Be sure that if you are connected to the Internet, do not enable network file sharing without the proper security measures in place. For More Information About BO2K For complete X-Force research findings and a white paper on BO2K, please visit the ISS Web site at www.iss.net. About ISS ISS leads the market as the source for e-business risk management solutions, serving as a trusted security provider to 21of the 25 largest U.S. commercial banks and more than 35 government agencies. With its Adaptive Security Management approach, ISS enables information protection and continuous security improvement within Intranet, extranet and electronic commerce environments. Its award-winning SAFEsuite(R) product line is vital for protection in today's world of global connectivity, enabling organizations to proactively monitor, detect and respond to vulnerabilities and threats to enterprise information. Founded in 1994, ISS is headquartered in Atlanta, GA with additional offices throughout the U.S. and international operations in Belgium, France, Germany, Japan, Latin America and the UK. For more information, visit the ISS Web site at www.iss.net or call 800-776-2362 This release, other than historical information, includes forward-looking statements made pursuant to the "safe harbor Safe Harbor 1. A legal provision to reduce or eliminate liability as long as good faith is demonstrated. 2. A form of shark repellent implemented by a target company acquiring a business that is so poorly regulated that the target itself is less attractive. " provisions of the Private Securities Litigation Reform Act The Private Securities Litigation Reform Act of 1995 (PSLRA) implemented several significant substantive changes affecting certain cases brought under the federal securities laws, including changes related to pleading, discovery, liability, class representation and awards fees and of 1995. The risks and uncertainties which could cause actual results to differ materially from those in the forward-looking statements include, but are not limited to, the following: the level of demand for the Company's products; the volume and timing of orders; product and price competition; the Company's ability to expand its domestic and international sales and marketing organizations; the Company's ability to develop new and enhanced products; the Company's ability to attract and retain key personnel; the mix of distribution channels through which the Company's products are sold; the growth in the acceptance and use of the Internet and of private Internet-protocol networks or "intranets"; the extent to which unauthorized access and use of online information is perceived as a threat to network security; customer budgets; the assertion of infringement claims with respect to the Company's intellectual property; seasonal trends in customer purchasing; foreign currency exchange rates; general economic factors; and risks concerning the rapid change of technology. These risks and others are discussed in the Company's periodic filings with the Securities and Exchange Commission. These filings can be obtained either by contacting ISS Investor Relations Investor relations The process by which the corporation communicates with its investors. or through the Securities and Exchange Commission's Web site at "http://www.sec.gov". Internet Security Systems, RealSecure and SAFEsuite are trademarks of Internet Security Systems, Inc. All other companies and products mentioned are trademarks and property of their respective owners. |
|
||||||||||||||||
Printer friendly
Cite/link
Email
Feedback
Reader Opinion