| Developer(s) | mobman |
|---|---|
| Stable release | 2.2.0 Beta |
| Written in | Delphi |
| Operating system | Microsoft Windows |
| Type | remote administration |
| License | freeware |
| Website | Sub7 website |
Sub7, or SubSeven or Sub7Server, is the name of a popular backdoor program. It is mainly used for causing mischief, such as hiding the computer cursor, changing system settings or loading up pornographic websites. However, it can also be used for more serious criminal applications, such as stealing passwords and credit card details. Its name was derived by spelling NetBus backwards ("suBteN") and swapping "ten" with "seven".
It was originally designed by someone with the handle mobman, whose whereabouts are currently unknown. No development has occurred in several years, and the website has not been updated for a similar period (last update in April 2004). News messages were added later by "LaT" on April 6, 2006 and by "Elecboy" on 05/07/06.
Among Sub7's capabilities are complete file system access and real-time keystroke logging. The latter capability makes it possible for Sub7 to be used to steal passwords and credit card information. It also installs itself into the WIN.INI file and the "run" key of the Windows Registry, in addition to adding a "runner" to the Windows Shell. Computer security expert Steve Gibson once said that with these features, Sub7 allows a hacker to take "virtually complete control" over a computer. Sub7 is so invasive, he said, that anyone with it on their computer "might as well have the hacker standing right next to them" while using their computer.[1]
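The paragraph above names three autostart locations the server uses to survive a reboot: the WIN.INI file, the "Run" key of the Windows Registry and the shell. A defender checking a machine would enumerate those locations and compare what starts at logon against a list of known-good programs. The following script is an added example written for this article, not code from Sub7 or from any cited source: it parses the `[windows]` section of a WIN.INI file (whose `load=` and `run=` keys launch programs at logon) and a text export of a Registry `Run` key, and reports every entry whose executable is not on an allowlist. The sample WIN.INI content, the `.reg` export text, the allowlist and the path `placeholder_server.exe` are all constructed for the demonstration and are not real Sub7 indicators.

```python
"""Report unexpected autostart entries in WIN.INI and Registry Run keys.

Added example (not from the article): parses constructed sample data, so it
runs offline. On a real host you would feed it the contents of
C:\\WINDOWS\\win.ini and the output of `reg export` for the Run keys.
"""
import re
from pathlib import PureWindowsPath

# Constructed sample WIN.INI: an empty load= line plus an unknown run= entry.
# The program path is a placeholder, not a real indicator of compromise.
SAMPLE_WIN_INI = """[windows]
load=
run=C:\\WINDOWS\\placeholder_server.exe
NullPort=None

[fonts]
"""

# Constructed .reg-style export of a Run key (format of `reg export`):
# backslashes and quotes inside the data are escaped with a backslash.
SAMPLE_REG_EXPORT = r"""Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon"="C:\\WINDOWS\\system32\\ctfmon.exe"
"placeholder"="\"C:\\WINDOWS\\placeholder_server.exe\" /silent"
"""

# Constructed allowlist of executables expected to start at logon.
ALLOWLIST = {"ctfmon.exe", "explorer.exe"}

REG_VALUE_RE = re.compile(r'^"(?P<name>[^"]*)"="(?P<data>.*)"$')


def parse_win_ini_autostart(text):
    """Return [(key, command)] for non-empty load=/run= lines in [windows]."""
    entries = []
    section = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].lower()
            continue
        if section == "windows" and "=" in line:
            key, _, value = line.partition("=")
            key, value = key.strip().lower(), value.strip()
            if key in ("load", "run") and value:
                entries.append((key, value))
    return entries


def parse_reg_run_keys(text):
    """Return [(key_path, value_name, command)] for Run*/RunOnce* keys."""
    entries = []
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1]
            continue
        if current is None:
            continue
        if not current.split("\\")[-1].lower().startswith("run"):
            continue  # only keys named Run, RunOnce, etc. are autostarts
        m = REG_VALUE_RE.match(line)
        if m:
            # Undo the .reg escaping: "\\" -> "\" and "\"" -> "\""
            command = re.sub(r"\\(.)", r"\1", m.group("data"))
            entries.append((current, m.group("name"), command))
    return entries


def executable_name(command):
    """Basename (lower-cased) of the program in a quoted or bare command line."""
    command = command.strip()
    if command.startswith('"'):
        end = command.find('"', 1)
        program = command[1:end] if end > 0 else command[1:]
    else:
        program = command.split(" ", 1)[0]
    return PureWindowsPath(program).name.lower()


def find_unexpected_autostarts(win_ini_text, reg_text, allowlist=ALLOWLIST):
    """Sorted [(source, command)] for autostarts whose executable is not allowlisted."""
    findings = []
    for key, cmd in parse_win_ini_autostart(win_ini_text):
        if executable_name(cmd) not in allowlist:
            findings.append((f"win.ini [windows] {key}=", cmd))
    for path, name, cmd in parse_reg_run_keys(reg_text):
        if executable_name(cmd) not in allowlist:
            findings.append((f"{path}\\{name}", cmd))
    return sorted(findings)


if __name__ == "__main__":
    for source, cmd in find_unexpected_autostarts(SAMPLE_WIN_INI, SAMPLE_REG_EXPORT):
        print(f"unexpected autostart: {source} -> {cmd}")
```

The allowlist approach is deliberate: rather than looking for a known file name, which an attacker can change at will, the check flags anything that starts at logon and is not already accounted for, so a renamed server still shows up for review. The third location the article mentions, the shell "runner", is not covered here because the article does not say where it is recorded.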
Sub7 is usually stopped by antivirus software and a firewall, and with popular operating systems providing these features built in, it may become less of a computer security problem. However, if the executable is compressed, for example by being placed inside a .zip archive, some older antivirus software may not be able to detect it. Most modern antivirus applications can look inside archives, so this problem is now less critical than before. However, Sub7 is still very active, and new undetectable servers are released now and again, but mostly only to people who keep a low profile and don't allow the download to be made public. While most antivirus programs will claim the user is safe, the fact is they could be infected through the clever ways the server file can hide, as Norton 360 found out in May 2008[1]. Sub7 is still being updated and is still very active, "just when you thought it was safe to go back into the water".
Like other backdoor programs, Sub7 is distributed with a server and a client. The server is the program that victims must be enticed to run in order to infect their machines, and the client is the program with a GUI that the user runs on their own machine to control the server. Sub7 allows crackers to set a password on the server, theoretically so that once a machine is owned (infected), no other crackers can take control of it.
Earlier versions, however, announced their availability by joining a secret IRC chat server, where they posted all the details required for their use. They also posted the same details on a newsgroup.[1]
Sub7 has more features than NetBus (webcam capture, multiple port redirect, user-friendly registry editor, chat and more), but it always tries to install itself into the Windows directory and it does not have activity logging. Sub7 is also a bit less stable than NetBus.
However, older versions of the Sub7 server also have a master password, allowing anyone who knows the master password to take over the machine. In some older versions, the master password was 14438136782715101980 but this "feature" was later scrapped.
Some versions of the client contain Hard Drive Killer Pro code, intended to destroy the hard drive of an enemy of the authors. The code checks to see if the computer has ICQ and if the user account matches a specific number (7889118, the ICQ number of Sean Hamilton, a rival trojan author), and if so, bombs the drive. It is rumored that the intended target had his drive destroyed.[2]
References
- [1] Gibson, Steve. "The strange tale of the denial of service attacks on grc.com". 2002-03-05.
External links
- http://www.hackpr.net/~sub7/
- http://www.sub7legends.com (official site)