Back Orifice

From Wikipedia, the free encyclopedia
Back Orifice
Developer(s)Sir Dystic (cDc)
Stable release
1.20 / August 3, 1998
Operating systemMicrosoft Windows 9x,
UNIX-systems (client only)
TypeRemote administration
(source distribution, UNIX client)
WebsiteBack Orifice Homepage

Back Orifice (often shortened to BO) is a computer program designed for remote system administration. It enables a user to control a computer running the Microsoft Windows operating system from a remote location.[1] The name is a play on words on Microsoft BackOffice Server software. It can also control multiple computers at the same time using imaging.

Back Orifice has a client–server architecture.[2] A small and unobtrusive server program is on one machine, which is remotely manipulated by a client program with a graphical user interface on another computer system. The two components communicate with one another using the TCP and/or UDP network protocols. In reference to the Leet phenomenon, this program commonly runs on port 31337.[3]

The program debuted at DEF CON 6 on August 1, 1998 and was the brainchild of Sir Dystic, a member of the U.S. hacker organization Cult of the Dead Cow. According to the group, its purpose was to demonstrate the lack of security in Microsoft's Windows 9x series of operating systems.

Although Back Orifice has legitimate purposes, such as remote administration, other factors make it suitable for illicit uses. The server can hide from cursory looks by users of the system. Since the server can be installed without user interaction, it can be distributed as the payload of a Trojan horse.

For those and other reasons, the antivirus industry immediately categorized the tool as malware and appended Back Orifice to their quarantine lists. Despite this fact, it was widely used by script kiddies because of its simple GUI and ease of installation.

Two sequel applications followed it, Back Orifice 2000, released in 1999, and Deep Back Orifice by French Canadian hacking group QHA.

See also[edit]


  1. ^ Richtel, Matt. "Hacker Group Says Program Can Exploit Microsoft Security Hole," The New York Times August 4, 1998. Retrieved April 24, 2007.
  2. ^ "Information on Back Orifice and NetBus". Symantec. Archived from the original on February 22, 1999. Retrieved 8 February 2013.
  3. ^ Knudsen, Kent (April 5, 2002). "Tracking the Back Orifice Trojan On a University Network". p. 7. Archived from the original (PDF) on April 21, 2018. Retrieved April 20, 2018. The server normally binds to UDP port 31337, but it may be configured to use another port.

External links[edit]