Only days after issuing a press release talking up its security, Xtra has admitted that attacks using the trojan horse program Back Orifice have seen customer passwords stolen.
Although Xtra has been dealing with Back Orifice infestations on customer PCs for months, it opened a page for "anti-virus information" this morning, apparently in response to press queries about password theft using the program.
The Back Orifice scare may not be the last upset for Xtra. Telecom security staff have been working with management at the Internet Group to investigate a claim that the attacks on the Ihug homepages machine was carried out from a static IP address under the control of Xtra. Results of the investigation are expected later today.
Although this morning's New Zealand Herald claims that a hacker has acquired the passwords of "hundreds" or Xtra customers, the company's new page says it "believes this type of virus to be responsible for the attacks on the connection user names and passwords of two of our customers."
If Back Orifice is downloaded and inadvertently executed on a Windows 95 or 98 PC, it allows the attacker full remote access to the machine. Files can be viewed, modified, and deleted, passwords stolen and hard drives formatted.
Xtra is not the only local ISP dealing with Back Orifice infestations - most have customers who have suffered.
The Xtra help site includes links to background material on Back Orifice and to AntiGen, a free program from the US company Fresh Software that cleans up the virus but does not prevent future infestations.