
Hackers admit virus in "Trojan horse" disk

Suddenly, hacker group Cult of the Dead Cow is looking a little sheepish.

After days of denial, the media-conscious group--which released the hacker tool Back Orifice 2000 last Saturday--admitted that the CDs it handed out at the hacker conference DefCon were infected with a computer virus called CIH or Chernobyl, as previously reported.

The admittedly embarrassed Cult of the Dead Cow has issued a mea culpa.

"It was not our plan to do this; and frankly, it makes us look like idiots," a Dead Cow member, who calls himself Omega, wrote in an email to CNET News.com this afternoon.

Omega denied rumors that the hackers intentionally infected the CDs. "This is a lie. The whole thing is a...mystery to us; we don't know how the virus got onto our CDs."

CDC says a virus-free version of the controversial code was posted this afternoon on a full-blown BO2K Web site, BO2K being shorthand for the program's name.

If questions of competence weren't enough, earlier today the group warned people interested in posting BO2K code on the Net to be careful about running afoul of U.S. regulations, which prohibit export of strong encryption.

"These elements are subject to export restrictions of the Bureau of Export Administration. It's a serious crime to post them without following their guidelines or getting an export license," the group warned.

Dead Cow's so-called "foreign minister," who goes by Oxblood ruffin!cDc, explained the warning about exporting strong cryptography in an email: "The munitions act [as ridiculous as it is] proscribes the export of strong encryption. We do not support the law...and we take our responsibilities to the hacking community seriously enough to advise folks of the reality surrounding this situation."

"Deth Veggie," who describes himself as minister of propaganda for Cult of the Dead Cow, blamed those encryption regulations for the delay in posting the BO2K code.

"Basically it took some last-minute tweaking to get our domestic-only distribution site for the strong crypto version up and running," Veggie wrote in an email last night.

If BO2K is installed on a PC, it lets someone take control of the machine, a handy tool for network administrators that can also be used maliciously by outsiders trying to break into a network. So far, none of the agencies that track attacks via the Internet have reported any cases of BO2K infections.

Dead Cow members describe BO2K as a remote administration tool for Windows NT networks, but Microsoft denounces it. Back Orifice 2000, an update to a similar program released a year ago, is considered a "Trojan horse," the term for software that appears to be beneficial but also has a more nefarious purpose.

"BO2K is not a malicious program; it's a powerful program for controlling a computer," Dead Cow member Count Zero said in a phone interview this afternoon. "The fact that it could be used maliciously throws into the bright light the fact that the security model for Windows is pretty poor. People should not have to be afraid to run things on their computers."

Count Zero, whose day job is working in the computer area of a medical organization, said BO2K is a means to spark debate.

"We're trying to throw into light that maybe your operating system shouldn't let people do [malicious things]," he said. "We take it for granted that it's normal to be afraid to run stuff on the computer. If we really wanted to cause problems, we wouldn't have done so publicly. We can't see any other way to raise these issues loud enough."

Most Internet security firms have scurried to post software that detects or removes B02K from PCs or networks--all before the code is officially available from its sponsors.