McAfee > Theat Center > Virus Detail Page

Overview

This is a trojan detection. Unlike viruses, trojans do not self-replicate. They are spread manually, often under the premise that they are beneficial or wanted. The most common installation methods involve system or security exploitation, and unsuspecting users manually executing unknown programs. Distribution channels include email, malicious or hacked web pages, Internet Relay Chat (IRC), peer-to-peer networks, etc.

Aliases

• JV/Orifice

Characteristics

"Brown Orifice" (BrO) is proof of concept code designed to convert an Internet connected system running Netscape into a shared file server via a Java session. In the design of the system, the host machine can only be used for read/write access. This is unlike the program known as Back Orifice which can completely control a system using remote administration.

One important note is that in the initial design of BrO, a user would have to intentionally visit the hosting code site and choose to share their drive. Terminating the Java session and browser would effectively cut the connection.

This proof is designed to illustrate a vulnerability which exists within Netscape and the method of handling the instruction set based around this specific Java code.

Symptoms

Open port connection on TCP port 8080 after visiting the hosting site web page and Java applet is running; other symptoms include file creation or deletion by connected users in subdirectories of the initial share.

Method of Infection

BrO requires the user to run Java applet code on Netscape. The code opens a port connection and stays active while the browser window is open. Once the browser window is closed and Netscape is closed, the connection is disabled.

Removal

-

Variants

Variants

N/A

All Information

Overview -

This is a trojan detection. Unlike viruses, trojans do not self-replicate. They are spread manually, often under the premise that they are beneficial or wanted. The most common installation methods involve system or security exploitation, and unsuspecting users manually executing unknown programs. Distribution channels include email, malicious or hacked web pages, Internet Relay Chat (IRC), peer-to-peer networks, etc.

Aliases

• JV/Orifice

Characteristics

Characteristics -

"Brown Orifice" (BrO) is proof of concept code designed to convert an Internet connected system running Netscape into a shared file server via a Java session. In the design of the system, the host machine can only be used for read/write access. This is unlike the program known as Back Orifice which can completely control a system using remote administration.

One important note is that in the initial design of BrO, a user would have to intentionally visit the hosting code site and choose to share their drive. Terminating the Java session and browser would effectively cut the connection.

This proof is designed to illustrate a vulnerability which exists within Netscape and the method of handling the instruction set based around this specific Java code.

Symptoms

Symptoms -

Open port connection on TCP port 8080 after visiting the hosting site web page and Java applet is running; other symptoms include file creation or deletion by connected users in subdirectories of the initial share.

Method of Infection

Method of Infection -

BrO requires the user to run Java applet code on Netscape. The code opens a port connection and stays active while the browser window is open. Once the browser window is closed and Netscape is closed, the connection is disabled.

Removal -

Removal -

-

Variants

Variants -

N/A