
Three Archaic Backdoor Trojan Programs That Still Serve Great Pranks

Several things come to mind when talk of the 1990s comes around: Nirvana, vodka, cheap rap, and, well, a time when global warming wasn’t the subject of every conversation. But what really outshines the rest is the world of computing. The world of security was just getting its foothold in what is now a highly evolved and much more complicated scene. Three programs in particular allowed anyone to pull off amazing feats of prowess, all without any hacking knowledge.

Today these programs won’t make it past a cheap firewall. And we can’t recommend pranking a friend, but if you do, make sure he has his back turned at least long enough for you to turn his firewall off. Or if you’re clever with words, you might convince him to do it himself!

Back Orifice / Back Orifice 2000

Back Orifice, or BO, is one of the more common backdoor programs- and one of the most lethal of the bunch. The name may seem like a joke, but rest assured, the threat was quite real for its time. Back Orifice was created by the Cult of the Dead Cow group. If you haven’t noticed, they seem to have a knack for a sense of off-the-wall humor. Aside from the bizarre name, the program commonly runs on port 31337- a reference to the “Leet” phenomenon popular among hackers.

[Image: Back Orifice 2000]

Pictured above is Back Orifice 2000. Back Orifice uses the client-server model, in which the server runs on the victim’s machine and the client on the attacker’s. What made Back Orifice so dangerous is that it can install and operate silently. No user interaction is needed whatsoever, meaning you could have it on your computer even today and not be aware of it.

Companies such as Symantec have taken steps to guard computers against the program, as they have deemed it dangerous. This is due partly to the fact that it is still being actively developed as an open source tool. As stated in the BO documentation, the goal is ultimately to make the presence of Back Orifice 2000 unknown, even to those who installed it.

Back Orifice 2000 is being developed for Windows 95, Windows 98, Windows NT, Windows 2000, and Windows XP.

Where Can I Download Back Orifice 2000?

Back Orifice 2000 may be downloaded at the following location: http://sourceforge.net/projects/bo2k/

Removing Back Orifice 2000 requires editing your registry settings. To remove it in 7 easy steps, follow the list below.

How To Remove Back Orifice 2000


  1. Click Start > Run, and then type “Regedit” (without quotes)
  2. Follow the below path: “HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServices”
  3. Now in the right window, look for the following: “umgr32 = 'c:\windows\system\umgr32.exe'”
  4. Right click on this entry, and click delete. Now restart your computer.
  5. After the restart, only open Windows Explorer. Make sure you can see all registered extensions. To do so, go to View > Options, and configure the appropriate settings.
  6. Go to the WINDOWS\SYSTEM directory, and find the “umgr32.exe” file. Once you’ve found it, delete it.
  7. Exit Windows Explorer and restart your computer once more.

NetBus / Netbus 2.0 Pro

NetBus was created around the same time as Back Orifice, in the late 1990s. It was originally designed as a program to prank friends and family with, certainly nothing too malicious. The program made its debut in 1998, so its pranks and attacks were available through the later 1990s.

What makes NetBus famous is that in 1999 a law scholar by the name of Magnuss Eriksson was the victim of a NetBus attack. Child pornography was placed on his computer, coworkers found it, and he lost his job. Only 5 years later did he reclaim his innocence, and only after much turmoil and emotional treatment. Some pranks go a little too far, as you can tell.

[Image: NetBus]

Where can I Buy and Download NetBus?

NetBus may be bought and downloaded at the following location: http://www.netbus.org/

Luckily, the latest version of NetBus is a valid program. It can be removed just like any other program. Previous releases of NetBus are a little more difficult, however.

How To Remove NetBus


  1. Click Start > Run, and then type “Regedit” (without quotes)
  2. Follow the below path: “HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServices”
  3. Now in the right window, look for the following: “[Name_of_Server].exe”. Of course, you will have to find the actual name of the exe file. It is commonly “Patch.exe” or “SysEdit.exe”, but may differ.
  4. Restart, and remove any traces of the actual program that may be left. Optionally, you may install NetBus yourself, and then use its own removal feature.
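
A read-only check for the autostart entries that the Back Orifice 2000 and NetBus removal steps above look for, added here as an example and not part of the original article. It parses a text export of the registry (a .reg file) and reports RunServices values whose executable is one of the file names this page mentions; the function names and the sample export are constructed for illustration.

```python
import re

# Autostart key that both removal procedures on this page point at.
RUNSERVICES = r"hkey_local_machine\software\microsoft\windows\currentversion\runservices"
# File names taken from the page: umgr32.exe (Back Orifice 2000) and
# Patch.exe / SysEdit.exe (common NetBus server names; the page notes they may differ).
SUSPECT_FILES = {"umgr32.exe": "Back Orifice 2000",
                 "patch.exe": "NetBus", "sysedit.exe": "NetBus"}

def parse_reg_export(text):
    """Parse .reg export text into {key_path: {value_name: string_data}}."""
    keys, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            current = keys.setdefault(line[1:-1], {})
            continue
        m = re.match(r'^(@|"(?:[^"\\]|\\.)*")="((?:[^"\\]|\\.)*)"$', line)
        if m and current is not None:
            # .reg files escape backslashes and quotes with a backslash
            current[m.group(1).strip('"')] = re.sub(r"\\(.)", r"\1", m.group(2))
    return keys

def find_suspect_autostarts(text):
    """Return (value_name, command, family) for flagged RunServices entries."""
    hits = []
    for key, values in parse_reg_export(text).items():
        if key.lower() != RUNSERVICES:
            continue
        for name, command in values.items():
            # Compare bare file names only, ignoring directories and quoting.
            for exe in re.findall(r"[^\\/\s'\"]+\.exe", command.lower()):
                if exe in SUSPECT_FILES:
                    hits.append((name, command, SUSPECT_FILES[exe]))
                    break
    return hits

# Constructed sample export (not taken from a real machine).
SAMPLE = r'''REGEDIT4

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServices]
"umgr32"="c:\\windows\\system\\umgr32.exe"
"SchedulingAgent"="mstask.exe"
"Updater"="C:\\WINDOWS\\Patch.exe"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SystemTray"="SysTray.Exe"
'''

if __name__ == "__main__":
    for name, command, family in find_suspect_autostarts(SAMPLE):
        print(f"{family}: value {name!r} -> {command}")
```

A match on a file name is only a lead for manual review, since the page itself notes the NetBus server can be renamed.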

SubSeven / Sub7

SubSeven, or Sub7, was created for the same purpose NetBus was- for pranks. Sub7 actually has support for more pranks and also has a better looking user interface.

[Image: Sub7]

Where can I Buy and Download Sub7?

Sub7 is not supported anymore, and thus, is not available for download on any legit websites. If you were to do a Google search, you would find links to download Sub7. However, these are not official sites, and should be considered shady or dangerous.

How To Remove Sub7


  1. End the following processes via task manager: “editserver.exe, subseven.exe”
  2. Remove the following files: “editserver.exe, subseven.exe, tutorial.txt.”

Why These Programs Are Completely Legal

The entire basis behind these programs is that they are designed to help people- not do harm. While some such as NetBus were indeed originally created for pranks, they have switched routes to avoid legal troubles.

These programs claim to be legit remote desktop programs, although they are obviously easy to use maliciously. They are actually supposed to be used by helpdesk or customer support departments. Why every pre-teen of the 1990s had a copy is beyond us, but we get the feeling these were being used for more than testing purposes.

The advent of newer technology has made these programs in some ways less effective. However, programs such as Back Orifice 2000 are still evolving. The Back Orifice team has also been rumored to be working on a sequel to their program. Will it impact computing the way these programs did in the late 1990s?

For our own entertainment purposes, we can only hope.


There Are 7 Responses So Far.

  1. Strange things

  2. good ol times.
    i was an imba script kiddy @ that time lol

  3. its excellent!

  4. Anyone that intrudes in your home or office system is intruding into your personal property, much like your house or vehicle and should be prosecuted accordingly. It does not matter if it is just for fun or curiosity. It is as illegal as any other unauthorized intrusion.

  5. Uh, who invited the lawyer?

  6. heh. yeah that's a fine question.

    but seriously, reading about what people used netbus to do to Magnuss Eriksson is so sad.

    having fun is one thing, but it seems that people far too often push the envelope too far.

    just because you can do something doesn't mean that you should do it.

  7. The sad thing about Magnuss Eriksson is that it -really- just shows how little we can trust anything that’s being said about how a person uses his or her computer — how can anyone know if it was someone using NetBus to download child porn on his computer or if it was Eriksson himself who did so and only had the good fortune to have a program installed on his computer that would allow anyone (or just someone?) to take control over his computer without his knowing — in fact, how can we know that he didn’t install it himself to make his story credible. The fact is we can never know which version is the true story (if any of them are) nor can we find out which is probably the true story.

    (I’d like to make it clear that I am not trying to make Eriksson look bad here: I don’t really care about his particular story, only about the implications it has on the model of trust we implicitly assume is good with regards to -unsafe- computers)
