Slashdot Mirror


cDc Charges MS w/ Distributing Cracker Software

davidr writes "Microsoft's response to Back Orifice 2000 has been to characterize it as a hacker tool instead of a network administration tool, because it can be installed stealthily and used to monitor users without their knowledge. cDc has responded by pointing out that Microsoft's own tool, SMS, does the same exact thing! They've called for antivirus software for SMS and challenged Microsoft to recall it." Read this one. It's interesting. Having never used SMS (hell, I haven't really used windows in a year or so) I'll leave it up to you guys to figure out if this is true.

3 of 356 comments

  1. SMS 1.2 and hiding. -- last links were bad. by bkosse · · Score: 4

    GIF of how to turn off visibility. Notice how both permission required and visible signal are unchecked.

    All the warning you get. WUSER32 is the process (it's not visible under the Applications pane) that runs SMS.

    I don't know what SMS 2.0 behaves like as we aren't using it here yet.

    --
    Ben Kosse
    Remember Ed Curry!
  2. As well they should by Knight · · Score: 4

    Microsoft needs to take a true stand on the issue. Either hidden remote control software is malicious or it is not. If they claim BO2K is malicious, they need to pull SMS from the shelves, because their functionality is nearly identical. I don't think it really matters what a person thinks of cDc, or what they are doing. It's a simple matter of blatant hypocrisy, and, in my opinion, they are breaking the law by slandering a competing product. If cDc had the money, they could probably win a lawsuit.
    ---------------------------------------- ---------------
    If you need to point-and-click to administer a machine,

  3. Re:Something to bear in mind by AaronW · · Score: 5
    BO2K may have legitimate uses, but it seems to be most widely used for breaking into other computers or causing trouble. I'm running a Perl script called booby (available at http://members.home.com/lazyx/booby). This script simulates a BO infected system and logs all activity. BO seems to be a favorite for script kiddies. As a cable modem user I see a lot of BO activity. Here are some recent log entries (IP address and host name have been X-ed out):

    Jul 21 21:56:04: xxxxxxxxxx.xxxxxx.xx.wave.home.com(24.xxx.xxx.xx): 1641 >>proclist
    Jul 21 21:56:05: ...reply sent
    Jul 21 21:56:22: xxxxxxxxxx.xxxxxx.xx.wave.home.com(24.xxx.xxx.xx): 1641 >>lockup
    Jul 21 21:56:22: ...reply sent
    Jul 21 21:56:29: xxxxxxxxxx.xxxxxx.xx.wave.home.com(24.xxx.xxx.xx): 1641 >>info
    Jul 21 21:56:30: ...info sent
    Jul 21 21:56:39: xxxxxxxxxx.xxxxxx.xx.wave.home.com(24.xxx.xxx.xx): 1641 >>passes
    Jul 21 21:56:39: ...passwords sent
    Jul 21 21:57:00: xxxxxxxxxx.xxxxxx.xx.wave.home.com(24.xxx.xxx.xx): 1641 >>reboot
    Jul 21 21:57:00: ...reply sent
    Jul 21 21:57:07: xxxxxxxxxx.xxxxxx.xx.wave.home.com(24.xxx.xxx.xx): 1641 >>passes
    Jul 21 21:57:08: ...passwords sent
    Jul 21 21:57:11: xxxxxxxxxx.xxxxxx.xx.wave.home.com(24.xxx.xxx.xx): 1641 >>reboot
    Jul 21 21:57:12: ...reply sent
    Jul 21 21:57:28: xxxxxxxxxx.xxxxxx.xx.wave.home.com(24.xxx.xxx.xx): 1641 >>proclist
    Jul 21 21:57:29: ...reply sent
    Jul 21 21:57:38: xxxxxxxxxx.xxxxxx.xx.wave.home.com(24.xxx.xxx.xx): 1641 >>lockup
    Jul 21 21:57:38: ...reply sent
    Jul 21 21:57:42: xxxxxxxxxx.xxxxxx.xx.wave.home.com(24.xxx.xxx.xx): 1641 >>lockup
    Jul 21 21:57:42: ...reply sent
    Jul 21 21:57:43: xxxxxxxxxx.xxxxxx.xx.wave.home.com(24.xxx.xxx.xx): 1641 >>lockup
    Jul 21 21:57:43: ...reply sent
    Jul 21 21:57:46: xxxxxxxxxx.xxxxxx.xx.wave.home.com(24.xxx.xxx.xx): 1641 >>info
    Jul 21 21:57:47: ...info sent
    Jul 21 21:57:59: xxxxxxxxxx.xxxxxx.xx.wave.home.com(24.xxx.xxx.xx): 1641 >>proclist
    Jul 21 21:58:00: ...reply sent
    Jul 21 21:58:12: xxxxxxxxxx.xxxxxx.xx.wave.home.com(24.xxx.xxx.xx): 1641 >>prockill 4291797281
    Jul 21 21:58:13: ...reply sent
    Jul 21 21:58:16: xxxxxxxxxx.xxxxxx.xx.wave.home.com(24.xxx.xxx.xx): 1641 >>proclist 4291797281
    Jul 21 21:58:17: ...reply sent

    As you can see, no useful tool would have commands like "lockup". I have seen more malicious attempts than this as well, such as one person who often launches DOS ping attacks against other users from BO infected machines.

    As much as I hate Micro$loth, I must agree with them on this one. If there were a BO without all of the malicious features then perhaps it would be taken seriously, but with the stealth features and the crash features I think its main purpose is fairly clear (at least to the script kiddies).

    --
    This post is encrypted twice with ROT-13. Documenting or attempting to crack this encryption is illegal.
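
A log in the format posted in comment 3 can be summarised per source address to show which remote hosts go beyond simple probing. The following is an added example, not part of the original thread or of the booby script; the grouping of command names into categories, the threshold, and the sample lines (documentation addresses) are assumptions made for illustration.

```python
import re
from collections import Counter, defaultdict

# Request and reply shapes as they appear in the posted log.
REQ = re.compile(r"^(\w{3} +\d+ [\d:]{8}): (\S+?)\(([^)]*)\): (\d+) >>(\S+)(?: (.*))?$")
REPLY = re.compile(r"^\w{3} +\d+ [\d:]{8}: \.\.\.(.+) sent$")

# Assumed grouping of the command names seen in the log (not taken from booby).
CATEGORY = {"info": "recon", "proclist": "recon", "passes": "credential",
            "lockup": "disruptive", "reboot": "disruptive", "prockill": "disruptive"}

def triage(lines):
    """Summarise honeypot requests per source address."""
    report = defaultdict(lambda: {"commands": Counter(), "categories": Counter(),
                                  "first": None, "last": None})
    skipped = 0
    for raw in lines:
        line = raw.strip()
        if not line or REPLY.match(line):
            continue  # replies are the honeypot's own output
        m = REQ.match(line)
        if not m:
            skipped += 1  # counted so that format drift gets noticed
            continue
        ts, _host, ip, _num, cmd, _arg = m.groups()
        entry = report[ip]
        entry["commands"][cmd] += 1
        entry["categories"][CATEGORY.get(cmd, "unknown")] += 1
        entry["first"] = entry["first"] or ts
        entry["last"] = ts
    return dict(report), skipped

def noisy_sources(report, threshold=2):
    """Sources with at least `threshold` disruptive or credential requests."""
    return sorted(ip for ip, e in report.items()
                  if e["categories"]["disruptive"] + e["categories"]["credential"] >= threshold)

# Constructed sample in the same format (documentation addresses, not real hosts).
SAMPLE = """\
Jul 21 21:56:04: a.example(192.0.2.10): 1641 >>proclist
Jul 21 21:56:05: ...reply sent
Jul 21 21:56:22: a.example(192.0.2.10): 1641 >>lockup
Jul 21 21:56:39: a.example(192.0.2.10): 1641 >>passes
Jul 21 21:56:39: ...passwords sent
Jul 21 21:58:12: a.example(192.0.2.10): 1641 >>prockill 4291797281
Jul 21 22:03:10: b.example(198.51.100.7): 1702 >>info
Jul 21 22:03:11: ...info sent
garbage line
""".splitlines()

if __name__ == "__main__":
    report, skipped = triage(SAMPLE)
    for ip in noisy_sources(report):
        print(ip, dict(report[ip]["commands"]), report[ip]["first"], report[ip]["last"])
    print("skipped:", skipped)
```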