Date: Fri, 9 Jul 1999 08:11:34 -0700
Reply-To: "Cort, Joel" <Joel.Cort@USA.XEROX.COM>
Sender: Vanagon Mailing List <vanagon@gerry.vanagon.com>
From: "Cort, Joel" <Joel.Cort@USA.XEROX.COM>
Subject: FW: Alert: Back Orifice 2000 - NO VANAGON CONTENT but common sense
Content-type: text/plain; charset=iso-8859-1
FYI
I have received a number of messages already today about this release. I
believe it might be worth the effort to avoid panic by sending out a notice
to alert that this 'product' is being released and warn you to be alert to
(and report) any unusual or suspicious activities.
Over the past few months many people have had their computers affected by
problems caused by viruses which could have been prevented by the safe use
of email. As many of you may have already heard, Back Orifice 2000 will be
released this Saturday, July 10th, at Def Con by the "Cult of the Dead Cow,"
a well-established quasi-underground group of hackers. The software, which
makes it easy for computer intruders to hijack Windows-based PCs connected
to the Internet, will be freely available on the Net. Much mischief is
expected to follow. This new release is expected to run on Windows NT, as
well as Windows 95/98.
To try to reduce the spread of viruses, the following are some Email
practices which could help reduce the problems these viruses can cause:
Any email message you receive which includes an attachment might cause
problems for your computer. Therefore, if you receive an email message
containing an attachment, and did not expect it, or don't know the person
it's from personally, do the following;
1. DON'T TOUCH THE ATTACHMENT. Don't open it, don't view it,
don't save it to disk.
2. Contact the person who sent it to you and verify they
actually sent it to you.
3. Ask them what it is, specifically.
4. If you are at all unsure about it, contact the person you
turn to if your computer is acting up. If you're in an office, contact your
Network Administrator. If you are at home, contact your ISP (Internet
dial-up provider). DO NOT SEND THEM A COPY OF THE ATTACHMENT, describe it to
them and then wait until they ask you for it.
If you are going to send someone an email message and include an attachment
yourself, then do the following;
1. Before you send the message with the attachment, ALWAYS send
the recipient a message telling them you are about to send them an
attachment. This will, at least, let them know to expect a message with an
attachment from you.
2. Avoid sending messages with attachments that contain
executable code (codes that run things), like Word documents with macros.
This will avoid the embarrassment of you sending them a virus if you are
already infected.
3. Run an Anti-virus product, but don't rely on it to
completely protect you. New viruses appear sooner than the antidote against
them. You may be sending someone a virus that has not been seen before by
your Anti-virus vendor, so it may not be able to tell it is a virus.
Always err on the side of using email safely.
This problem is not going away. You need to think of this like you think of
locking your doors at night, or like you think about riding a bike on a busy
street. There are safe ways, and unsafe ways. Be smart, ask questions, and
think before you click on things.
Many of the recommendations in this note have come from SecurityAdvice.com.
-----Original Message-----
Sent: Thursday, July 08, 1999 4:18 PM
To: NTBUGTRAQ@LISTSERV.NTBUGTRAQ.COM
Subject: Alert: Back Orifice 2000
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
As you may or may not have heard, the new version of the cDc tool Back
Orifice, BO2k, will be released on Saturday at Def Con. Amongst its many
"features" are two notables;
1. It runs on Windows NT now.
2. It's "Open Source", which means it can be altered into
anything by anyone capable (making it near impossible to find a "signature"
that identifies it).
I have written an Editorial about BO2k, or maybe more importantly, why a
tool like BO2k is a threat. See;
http://ntbugtraq.ntadvice.com/bo2000.asp
I have also written an Open Letter regarding Safe Email Practices which I
think everyone should have a look at. I will be sending a copy of it to
NTBugtraq so you can forward it. It can be seen at;
http://ntbugtraq.ntadvice.com/safemail.asp
For other sites with information about BO2k, see;
http://www.bo2k.com/
http://www.msnbc.com/news/287542.asp
http://www.entmag.com/breaknews.asp?ID=1013
Cheers,
Russ - NTBugtraq Editor
-----BEGIN PGP SIGNATURE-----
Version: PGP 6.0.2
iQA/AwUBN4UHfc+Ua7J6A+woEQL74wCeMZaai15lwQhc6FQbNi5Iq9zDoEUAniAr
gZpoyUC+IfF9PdxR4idwZp8s
=PyOa
-----END PGP SIGNATURE-----
Thanks,
Joel B. Cort
Xerox TSI
Corporate Information Security
161 Chestnut Street
Building 875 - 2A
Rochester, NY 14604
* (716) 423-3851 8*223-3851
* joel.cort@usa.xerox.com