Port No | 3133 |
Service Name | Back Orifice |
RFC Doc | 0 |
Protocol | UDP |
Description | Back Orifice 1.20 is a trojan from 1998. Unlike most trojans it communicates with encrypted UDP packets instead of TCP. This trojan uses plugins which will vary the size of the server. |
Reference Link | Back Orifice Trojan |
Attack | It autoloads from the Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run. It does the following: capture screen shot; capture video/audio; create a directory; create/delete export; compress/decompress file; disable/enable HTTP server; get cached passwords; log keystrokes; misc. file options; plugins; Registry editing; spawn a text-based application on a TCP port; view contents of file; view/kill plugins; view/kill processes. Removal: 1. Delete the registry bo key located at HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\. This can be done using regedit or another registry editing program. 2. Reboot the computer or close the trojan file. 3. Delete the trojan server exe file in the Windows directory. |