An underground hacker organisation in the US last week released Back Orifice, a program allowing the user to invisibly control and access Windows machines over a network.
The organisation, called the Cult of the Dead Cow (www.cultdeadcow.com), described the software as a "utility which allows the user to control and monitor computers running the Windows operating system over a network".
The hacker who wrote the program, who goes by the name of Sir Dystic, said: "The two main legitimate purposes for (Back Orifice) are remote tech support aid and employee monitoring and (administration)."
However, the software's feature list reveals a more sinister purpose.
Back Orifice allows a user to control the Windows file system, registry, system files, passwords, network configuration and processes. It includes multimedia controls that allow images to be captured from the target machine's screen, or from any attached video device; an HTTP server that allows files to be transferred to and from the target machine on any port; an integrated packet sniffer for monitoring network traffic; and a keyboard monitor that captures all keyboard input.
It also allows connections or applications to be redirected, which means that the target machine can be used to host attacks on other systems.
A simple telnet session could be used to input text into an application on the host machine, for example an Email client, making it seem as if the user of the target machine had input the text.
Microsoft issued a response almost immediately, claiming: "Back Orifice does not expose or exploit any security issue with the Windows platform or the BackOffice suite of products." The company pointed out that remote control software is already commercially available, and that for Back Orifice to have a harmful effect on a user's computer, the user would have to install, or be tricked into installing, the Back Orifice server program.
In addition, the attacker would have to know the user's IP address, and be sure that the user was not behind a firewall.
David Bridger, NT product manager at Microsoft, said that "business customers should be aware of security policies", such as the need for reliable firewalls.
"We take security very seriously," he said. "To me, the biggest thing is the fact that this ridicules security awareness, and doesn't add value."
IBM and Technical University of Munich team demonstrate how Shor's algorithm, which can't be cracked by conventional computers, can be solved quickly with quantum computing
Hubble Space Telescope finds superflares from young red dwarfs could strip away planetary atmosphere
Younger stars are 100 to 1,000 times more energetic than when they're older
Two of the big four supermarkets will use the system to control sales of restricted products
PUBG news and updates: November's Update #23 to bring new Skorpion pistol and changes to blue zone visibility
Genuinely useful side-arm coming to PUBG in Update #23