Back Orifice was designed with a client-server architecture. A small and unobtrusive server program is installed on one machine, which is remotely manipulated by a client program with a graphical user interface on another computer system. The two components communicate with one another using the TCP and/or UDP network protocols. In a reference to the growing Leet phenomenon, this program commonly runs on port 31337.
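A defender's check for the port named above, as an added example that is not part of the original article: it parses constructed `netstat -ano`-style output and reports sockets that involve port 31337 over TCP or UDP. The sample rows, the function names and the "server"/"client" role labels are assumptions made for illustration.

```python
# Added example: flag sockets that involve Back Orifice's customary port.
BO_PORT = 31337  # the article says "commonly", so a clean result proves nothing

# Constructed sample in the layout of Windows `netstat -ano` output.
SAMPLE = """\
  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       892
  TCP    0.0.0.0:31337          0.0.0.0:0              LISTENING       2044
  TCP    192.168.1.10:49712     203.0.113.5:443        ESTABLISHED     4120
  TCP    192.168.1.10:49801     198.51.100.7:31337     ESTABLISHED     3312
  TCP    [::]:445               [::]:0                 LISTENING       4
  UDP    0.0.0.0:31337          *:*                                    2044
  UDP    0.0.0.0:5353           *:*                                    1500
"""

def port_of(endpoint):
    """Return the port of 'addr:port' or '[v6]:port'; None for '*:*'."""
    port = endpoint.rsplit(":", 1)[-1]
    return int(port) if port.isdigit() else None

def find_bo_sockets(netstat_text, port=BO_PORT):
    """Return (proto, role, local, foreign) for rows that involve the port.

    role is 'server' when the local endpoint is bound to the port (the
    side a remote client talks to) and 'client' when this host holds a
    connection to a remote peer on that port.
    """
    hits = []
    for line in netstat_text.splitlines():
        fields = line.split()
        # Skip the header and blank lines. UDP rows have no State column,
        # so only the first three fields are relied upon.
        if len(fields) < 3 or fields[0] not in ("TCP", "UDP"):
            continue
        proto, local, foreign = fields[:3]
        if port_of(local) == port:
            hits.append((proto, "server", local, foreign))
        elif port_of(foreign) == port:
            hits.append((proto, "client", local, foreign))
    return hits

if __name__ == "__main__":
    for hit in find_bo_sockets(SAMPLE):
        print(*hit)
```

A match is a lead to investigate (which process owns the socket, and whether it is expected), not proof of infection.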
The program debuted at DEF CON 6 on August 1, 1998. It was the brainchild of Sir Dystic, member of the US hacker organisation Cult of the Dead Cow. According to the group, its purpose was to demonstrate the lack of security in Microsoft's operating system Windows 98.
Until recently, Microsoft Windows was a single-user desktop operating system, which was never designed to function as a secure networking platform. Despite this, Microsoft marketed Windows as the preferred solution for computer users primarily interested in accessing the Internet. The strategy worked, and Windows enjoyed extremely high market penetration. As a result of the proliferation of Windows systems across the Internet, the operating system was ideally suited for the demonstration of a hacker tool.
Although Back Orifice has legitimate purposes, such as remote administration, there are other factors that make it suited for less benign business. The server can hide itself from cursory looks by users of the system. If wrapped inside a Trojan horse, it can be installed without trouble and used as an attack point or just to spy on or harass the unsuspecting user.
For those and other reasons, the antivirus industry immediately categorized the tool as malware and added Back Orifice to their quarantine lists. Despite this, it was widely used by script kiddies because of its simple UI and ease of installation.
Back Orifice was followed by Back Orifice 2000 in 1999.