Wednesday, March 19, 2008

OfficePoltergeist: And Here I Thought Back Orifice Was Dead

The 90s were a lot of fun. All you needed to entertain yourself was a bit of viciousness, a stupid co-worker and a piece of genius-software that was called Back Orifice.

Back Orifice (and its many take-offs) was designed for remote system administration. It enables a user to control a computer running Windows from a remote location. In plain words - you install it on a person's computer and you can drive them NUTS by making their PC pop up weird error messages, open their CD tray, spy on them and even shut down their computer.

Very quickly, the anti-virus industry categorized Back Orifice as malware and added it to their quarantine lists. In other words, it will be very hard to install Back Orifice on a regular computer these days.

It appears that all hope is not lost for the script kiddies. They can try OfficePoltergeist. This open-source software "allows you to take limited control of another person's computer", but the makers claim it's not spyware, and that it "does not allow remote users to read data or execute potentially harmful commands".

OfficePoltergeist sets up a small server running on the victim's machine. The program, which hides in memory while it runs, waits silently for a connection on port 666. Any proper firewall should be able to prevent its use, but hey - not everybody uses a firewall!


  • OfficePoltergeist Controller - controls the poltergeist

  • OfficePoltergeist Server - runs on the victim's machine

  • mem86control.exe - same as above, only named something clever to evade detection

  • Have fun, you evil bastards :)
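For anyone on the receiving end, the post gives two things to look for: a listener on TCP port 666 and the file name mem86control.exe. The Python below is an added example, not part of the original post or the OfficePoltergeist project; it parses constructed samples of `netstat -ano` and `tasklist /fo csv /nh` output, and its function names are illustrative.

```python
import csv
import io

SUSPECT_PORT = 666                   # listening port stated in the post
SUSPECT_IMAGE = "mem86control.exe"   # renamed server binary named in the post
# Constructed sample output, not captured from a real host.
NETSTAT_SAMPLE = """\
  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       884
  TCP    0.0.0.0:666            0.0.0.0:0              LISTENING       3120
  TCP    192.168.1.20:49712     203.0.113.7:666        ESTABLISHED     2044
  TCP    [::]:445               [::]:0                 LISTENING       4
"""
TASKLIST_SAMPLE = '''\
"svchost.exe","884","Services","0","9,120 K"
"mem86control.exe","3120","Console","1","2,348 K"
'''

def listeners(netstat_text):
    """Yield (port, pid) for each TCP socket in LISTENING state (IPv4 or IPv6)."""
    for line in netstat_text.splitlines():
        f = line.split()
        if len(f) == 5 and f[0] == "TCP" and f[3] == "LISTENING":
            port = f[1].rpartition(":")[2]
            if port.isdigit() and f[4].isdigit():
                yield int(port), int(f[4])

def process_names(tasklist_csv):
    """Map PID -> image name from tasklist CSV rows."""
    names = {}
    for row in csv.reader(io.StringIO(tasklist_csv)):
        if len(row) >= 2 and row[1].isdigit():
            names[int(row[1])] = row[0]
    return names

def findings(netstat_text, tasklist_csv):
    """Return sorted (pid, image, reason) tuples worth investigating."""
    names = process_names(tasklist_csv)
    hits = set()
    for port, pid in listeners(netstat_text):
        if port == SUSPECT_PORT:
            hits.add((pid, names.get(pid, "?"), f"listening on TCP {port}"))
    for pid, image in names.items():
        if image.lower() == SUSPECT_IMAGE:
            hits.add((pid, image, "image name match"))
    return sorted(hits)

if __name__ == "__main__":
    print(findings(NETSTAT_SAMPLE, TASKLIST_SAMPLE))
```

Since the server binary can be renamed, the port match is the stronger of the two signals: a listener on 666 is reported whatever its image name, while an outbound connection to a remote port 666 is not.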