Sub7

From Wikipedia, the free encyclopedia

Developer: Mobman
Latest release: 2.1.5 Legend
OS: Microsoft Windows
Use: remote administration, trojan horse
License: freeware
Website: Sub7 official site

Sub7, or SubSeven, is the name of a popular trojan or backdoor program. It is mainly used by script kiddies for causing mischief, such as hiding the computer cursor, changing system settings or loading up pornographic websites. However, it can also be used for more serious criminal applications, such as stealing credit card details with a keystroke logger.

Sub7 is usually stopped by antivirus software and a firewall, and with popular operating systems providing these features built in, it may become less of a computer security problem. However, if an EXE packer has been used on it, it may pass through antivirus software.

It was originally designed by mobman, whose whereabouts are currently unknown. He is rumored either to have died or to have lost interest in continuing the project. Some claim to have spoken with him and maintain that he is not dead. At any rate, no development has occurred in several years. The website went without updates for several years (the last in April 2004) until a news message suddenly appeared on April 6, 2006. The news was not posted by mobman himself, but by someone who goes by the name LaT. Another message was posted on 05/07/06 by Elecboy (see the official site for details).

Like other backdoor programs, Sub7 is distributed with a server and a client. The server is the program that victims must be enticed to run in order to infect their machines, and the client is the program with a GUI that the script kiddie runs on his own machine to control the server. Sub7 allows crackers to set a password on the server, theoretically so that once a machine is owned (infected), no other crackers can take control of it.

Sub7 has more features than NetBus (webcam capture, multiple port redirect, a user-friendly registry editor, chat and more), but it always tries to install itself into the Windows directory and it does not have activity logging. Sub7 is also a bit less stable than NetBus.

Older versions of the Sub7 server, however, also have a master password, allowing anyone who knows the master password to take over the machine regardless of the password set on the server. In some older versions, the master password was 14438136782715101980, but this "feature" was later scrapped.

Some versions of the client contain Hard Drive Killer Pro code, intended to destroy the hard drive of an enemy of the authors. The code checks to see if the computer has ICQ and if the user account matches a specific number (7889118, the ICQ number of Sean Hamilton, a rival trojan author), and if so, bombs the drive. It is rumored that the intended target had their drive destroyed. [1]

