http://www.geocities.com/SiliconValley/Hills/6550/trojan.htm
Lee Brothers

WHAT IS BACKFIRE?

Ever wondered who was trying to hack into your computer using Back Orifice? BackFire is your answer. It is designed for former Back Orifice victims who think that removing the Trojan is not enough for them. They want to take revenge and fool those intruders back!

BackFire poses as the Back Orifice server, intercepts traffic on the Back Orifice communication port, and tracks down the IP address that is sending BO messages to you. Furthermore, you have the power to flood them back! If lucky, their Back Orifice client will hang.

Please do not run BackFire.exe if its size is not 61,440 bytes!

Please note that BackFire is not a Back Orifice trojan cleaner.

Features

- Listens on the Back Orifice port (UDP 31337)
- Intercepts the source IP and port that connect to the BO port
- Replies to BO Ping with any username you desire
- Logs incoming BO connection activity to a file
- Popup window or sound effect when a connection to the port is received
- Built-in anti-flood engine, which might come in handy
- Lets you choose modes that change the behavior of BackFire when BO data is received
- Lets you choose flood types in order to backfire on the intruder
- Lets you see what the intruders are sending to you and verify which BO command was sent

Modes

Currently there are 5 modes:

- Silent Mode: Only monitors BO activity; no return-fire or ping reply
- Greet Mode: Only replies to BO Ping; no return-fire, and does nothing if other BO commands are received
- Guard Mode: Most popular mode; replies to BO Ping and returns fire if other BO commands are received
- War Mode: No BO Ping replies; returns fire on every BO command received
- Panic Mode: Special mode similar to War Mode, but it returns fire on every message received

Flood Types

Currently there are 2 types:

- Malformed Data Burst (MDB): Generates random BO data of random size and sends it back.
- Message Flood: Sends back a predetermined message and lets the intruder see the message.

Tips: MDB is most effective against BoClient v1.2. It will make it hang! Message Flood is effective against BoClient v1.3. Although it will not hang, it will be kept very busy decrypting your data. Also use this one if you want to warn people with a message.

Anti-Flood

It is possible for lamers to design an anti-BackFire program that sends a massive flood of messages, which would cause BackFire to hang. Just in case, I implanted an anti-flood engine to avoid this kind of problem. When this function is enabled, data is processed only once the anti-flood delay has passed.

For example: with Anti-Flood enabled and Anti-Flood Delay set to 3, when an incoming message arrives from the listening port, the engine automatically blocks any incoming data for 3 seconds; any data arriving during that time is ignored.

Recognizing Back Orifice Commands

BackFire has a built-in BO crypto engine, which decrypts and encrypts BO data. When a BO command is received, it decrypts it and verifies which command was sent. It uses the script file (BO.cmd, which is included) to determine the command. Please note that the file BO.cmd is very important for BackFire in order to recognize BO commands.

Files Required

- Visual Basic 5 runtime (MSVBVM50.DLL)
- Microsoft Windows Common Controls 5.0 SP2 (COMCTL32.OCX)
- NetManage Winsock Controls (ActiveX v6.02)
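
The anti-flood delay from the Anti-Flood section, combined with Silent Mode logging, as an added Python example; it is not BackFire's own code (BackFire is a Visual Basic 5 program). The names AntiFloodGate, replay and listen_silent, the log file name and the sample traffic are assumptions made for illustration, as is the reading that the delay is one global timer started by each accepted message.

```python
import socket
import time
from collections import Counter

BO_PORT = 31337  # UDP port named on the page


class AntiFloodGate:
    """Global hold-off: after one datagram is accepted, ignore all others
    until `delay` seconds have passed (assumed reading of the page)."""

    def __init__(self, delay):
        self.delay = delay
        self.blocked_until = None   # nothing accepted yet
        self.dropped = Counter()    # ignored datagrams per source IP

    def accept(self, src_ip, now):
        if self.blocked_until is not None and now < self.blocked_until:
            self.dropped[src_ip] += 1
            return False
        self.blocked_until = now + self.delay
        return True


def replay(events, delay):
    """Run (timestamp, src_ip, src_port) tuples through the gate.
    Returns the accepted events and the gate (for its drop counters)."""
    gate = AntiFloodGate(delay)
    accepted = [e for e in events if gate.accept(e[1], e[0])]
    return accepted, gate


def listen_silent(delay=3, logfile="bo_probe.log", host="0.0.0.0"):
    """Monitor-only listener: never replies, logs source IP and port.
    The log file name is a hypothetical default."""
    gate = AntiFloodGate(delay)
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock, \
            open(logfile, "a") as log:
        sock.bind((host, BO_PORT))
        while True:
            data, (ip, port) = sock.recvfrom(2048)
            if gate.accept(ip, time.monotonic()):
                log.write(f"{time.ctime()} {ip}:{port} {len(data)} bytes\n")
                log.flush()


# Constructed sample traffic: a lone probe, then a burst from another host.
SAMPLE = [(0.0, "192.0.2.10", 1025), (0.5, "198.51.100.7", 4000),
          (1.0, "198.51.100.7", 4000), (2.9, "198.51.100.7", 4000),
          (3.0, "198.51.100.7", 4000), (3.1, "192.0.2.10", 1025),
          (6.5, "192.0.2.10", 1025)]
```

Replaying SAMPLE with a delay of 3 logs only the datagrams at 0.0, 3.0 and 6.5 seconds. Because the hold-off is global, the probe from 192.0.2.10 at 3.1 seconds goes unlogged while the gate is closed by the other host's traffic, which is why the per-source drop counters are kept.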