BackOrifice allows a Win95 PC to be remotely "administered" over the net.
The boserver by default listens on UDP port 31337.
BO is a powerful tool, and Win95 typically has no security at all.
BO lets you:
Reboot the PC
View the task list; kill specific tasks
List files; delete files
View the cached password list
Capture keystrokes to a logfile
Capture the screen image to a file
Capture the output of a video-for-windows device
Play .WAV files
Enable a webserver with upload/download/view capabilities for the entire PC
Scan the local subnet
Run arbitrary programs
Attach a program to a TCP or UDP port; for instance, attaching COMMAND.COM to TCP port 23 lets someone telnet to the PC
Enable Win/workgroup file sharing
Lock up the PC
Edit the registry
Open a dialog box
If you install it yourself, you can configure it to listen on an alternate
port, use encrypted packets, and install under an alternate filename.
The default filename is C:\WINDOWS\SYSTEM\.EXE (with a blank icon).
The problem, clearly, arises when someone installs BO thinking it is
something else, like an image viewer, on the basis of some chat room
gossip.
According to an article in Wired, lots of Australian ISPs are "infected with BO".
My machine at home on @Home.net gets BO connection attempts on a daily basis.
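
To see who is probing for the default boserver port, tally inbound UDP datagrams addressed to port 31337 in a firewall log. The following is an added example, not part of the original page; the log format, addresses, dates and function names are constructed for illustration.

```python
import re
from collections import defaultdict

BO_DEFAULT_PORT = 31337  # boserver's default UDP port, per the text above

# Constructed sample lines in a simplified, hypothetical firewall-log format.
SAMPLE_LOG = """\
1998-09-01T02:14:07 DROP UDP 203.0.113.7:1045 -> 192.0.2.10:31337
1998-09-01T02:14:07 DROP UDP 203.0.113.7:1045 -> 192.0.2.11:31337
1998-09-01T02:14:08 DROP UDP 203.0.113.7:1045 -> 192.0.2.12:31337
1998-09-01T09:30:51 ACCEPT TCP 198.51.100.4:2201 -> 192.0.2.10:80
1998-09-02T17:02:33 DROP UDP 198.51.100.23:31337 -> 192.0.2.10:53
1998-09-02T21:45:10 DROP UDP 198.51.100.99:1302 -> 192.0.2.10:31337
1998-09-02T23:59:59 DROP TCP 198.51.100.99:1303 -> 192.0.2.10:31337
garbage line that does not parse
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) (?P<action>\w+) (?P<proto>\w+) "
    r"(?P<src>[\d.]+):(?P<sport>\d+) -> (?P<dst>[\d.]+):(?P<dport>\d+)$"
)

def find_bo_probes(log_text, port=BO_DEFAULT_PORT):
    """Map each source IP to the targets, days and count of its UDP probes to `port`."""
    probes = defaultdict(lambda: {"targets": set(), "days": set(), "count": 0})
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # skip lines that do not match the expected format
        # Only UDP with the port as *destination* counts; TCP or source-port hits do not.
        if m["proto"].upper() != "UDP" or int(m["dport"]) != port:
            continue
        rec = probes[m["src"]]
        rec["targets"].add(m["dst"])
        rec["days"].add(m["ts"][:10])  # date part of the timestamp
        rec["count"] += 1
    return dict(probes)

def classify(probes, sweep_threshold=3):
    """Label a source 'sweep' if it probed at least `sweep_threshold` hosts, else 'single'."""
    return {src: ("sweep" if len(r["targets"]) >= sweep_threshold else "single")
            for src, r in probes.items()}

if __name__ == "__main__":
    found = find_bo_probes(SAMPLE_LOG)
    for src, label in classify(found).items():
        print(src, label, found[src]["count"], sorted(found[src]["days"]))
```

This only catches probes aimed at the default port; a boserver configured to listen on an alternate port, as described above, will not show up in this tally.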