"That does seem a bit glib," says Paul Brette of Data Fellows Anti-Virus in the UK. "We are worried about the fact that it is open-source. We could see that being a big problem because polymorphic changes to the virus signature would be relatively easy to make and would make it more difficult to detect."
The BO2K virus was released by media-savvy hacking group Cult of the Dead Cow to coincide with the Def Con 7.0 computer security extravaganza held in Las Vegas last weekend. It is designed to enable remote access to Windows 95, 98 and NT operating systems.
The Cult's "Minister for Propaganda" Deth Vegetable published a press release describing BO2K as, "the most powerful application of its kind which puts the administrator solidly in control of any Microsoft network."
But Brette sees other reasons to be concerned by the release of BO2K, He is particularly worried by the fact that the Cult of the Dead Cow has been careful to remain anonymous, while giving away this "administrative tool" for free. "It makes you wonder what sort of motives they really have, what they could be hiding," he says.
Aled Miles, general manager at Symantec Anti-Virus believes BO2K is anything but child's play. "Anyone who calls BO2k child's play misunderstands the situation. If one person gets into someone else's computer and steals his or her data, that is a problem. It will probably not proliferate like Melissa, but that is not the point."
Strangely, Microsoft Window's Marketing Manager, Francess Fawcett, believes there is little cause for alarm, despite Symantec's reasoning. She believes the fact that ISS could decode it's source code in under 24 hours shows the simplicity of the program, and says they will not be treating it differently to any other virus."
A bizarre example of how well publicised Back Orifice has been is that ISS reportedly asked the Cult of the Dead Cow for a Beta version of the program. The response was that this would be supplied in return for, "one million dollars and a monster truck."