What’s old is new again — from Back Orifice to Flame

Posted: June 1, 2012 in Uncategorized
Tags: , , , ,

By now you’ve probably heard the news reports of the recent discovery of the Flame malware that seems to be targeting systems in Iran (and possibly other locations in the Middle East). While there are some similarities with the Stuxnet worm, there are probably even more differences.

At this point it appears that Stuxnet was designed for sabotage — specifically targeted at Iranian nuclear facilities — while Flame seems to be built for espionage. In other words, it’s a software-based spy.

The press has picked up on this aspect as well and has been reporting that Flame can eavesdrop on unsuspecting users through the built-in microphone in their computer, turn on a webcam for remote viewing, take periodic screen captures and store keystrokes. Scary stuff to be sure but it’s not new. Not by a long shot.

In fact, I wrote about a similar threat a dozen years ago in my book, Inside Internet Security: What Hackers Don’t Want You to Know,  in discussing a piece of malware making the rounds then called “Back Orifice.” See if anything in this excerpt sounds familiar…

NetBus control panel – a contemporary of Back Orifice

Among other things [Back Orifice] can:

  • monitor and store keystrokes entered by the user (including ‘hidden’ fields often indicated by a string of asterisks);
  • look over the user’s shoulder by capturing screen images;
  • execute commands of their choosing on the user’s system;
  • rename, copy and delete files on the user’s system;
  • connect to other systems via telnet or FTP;
  • open and close the CD-ROM drive (just for kicks!).

And if that wasn’t scary enough, they can even turn the victim’s machine into their own remote surveillance system. If a microphone or video camera is attached to the user’s system, hackers can turn these devices on and then sit back, listen in, and watch what their victim is doing.

So, not to diminish the seriousness of this latest malware (for those relatively few systems that are infected with it), but try not to get caught up in the hype that would lead you to believe that this is some sort of new quantum leap in the threatscape. In reality, this threat has existed for more than a decade. Most people simply didn’t know about it. But now you do … 🙂

  1. Jay says:

    I found your article via the keywords “flame” and “orifice”. I’m glad that you are exactly confirming what I thought. Kasperky is scaring the hell out of people with their “2012 doomsday talk” about cyber warfare. We”ve been there with BO 2000 and we’re still alive and well. We’ll live through this as well.

    • Absolutely right! The thing I tried to emphasize in my book all those years ago was that, in a sense, almost none of this is new. Just variations on a theme. The threats are real so we need to take them seriously but fearmongering isn’t the answer (unless your goal is just to get more clicks on your sensational news story).

  2. Nice read. I just passed this onto a buddy who was doing some research on that. He just bought me lunch since I found it for him! So let me rephrase: Thanks for the lunch!

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s