Sub7, or SubSeven or Sub7Server, is the name of a popular backdoor program. It is often used for causing mischief, such as hiding the computer cursor, changing system settings or loading up pornographic websites. However, it can also be used for more serious criminal applications, such as stealing passwords and credit card details. Its name was derived by spelling NetBus backwards ("suBteN") and swapping "ten" with "seven".
It was originally designed by someone with the handle 'mobman'. No development had occurred for several years, but the official website (http://www.subseven.org) was recently updated to announce a new version scheduled for release on December 1st 2009. The Sub7 project was dormant for over 6 years until its return in July 2009, when mobman and fc decided to revive the project, marking 10 years after its original creation in 1999. In October 2009 mobman informed fc and the sub7crew via IRC that, because he was working and going to college full time, he would not be able to help with the current development of Sub7. The Sub7 source code was given to fc so that fc, read101 and the sub7crew could continue to release the new version, called Sub7 2.2 2009, as scheduled. mobman can still be found on the official IRC server (irc.subseven.org) and the official forum (http://www.subseven.org/forum/) of Sub7. The sub7crew would like to give a special thanks to mobman for allowing the Sub7 project to carry on without him. We wish him the best and eagerly await his return.
Among Sub7's capabilities are complete file system access and real-time keystroke logging. The latter capability makes it possible for Sub7 to be used to steal passwords and credit card information. It also installs itself into the WIN.INI file and the "run" key of the Windows Registry, in addition to adding a "runner" to the Windows Shell.
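A defender can audit two of the autostart locations named above, the WIN.INI `load=`/`run=` lines and the registry "Run" key, against a list of known-good entries. The following is an added example, not code from Sub7 or from the original page; the sample WIN.INI text, the registry export and the file names in them are constructed, and the shell "runner" is not covered.

```python
import configparser
import re

RUN_KEY = r"software\microsoft\windows\currentversion\run"

# Constructed sample inputs (not taken from a real infection).
SAMPLE_WIN_INI = r'''[windows]
load=
run=C:\WINDOWS\example1.exe
NullPort=None
'''
SAMPLE_REG = r'''REGEDIT4

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SystemTray"="SysTray.Exe"
"Example"="C:\\WINDOWS\\example2.exe"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"Setup"="setup.exe"
'''

def win_ini_autostart(text):
    """Return (location, command) pairs from load=/run= in WIN.INI [windows]."""
    cp = configparser.ConfigParser(interpolation=None, strict=False,
                                   allow_no_value=True)
    cp.read_string(text)
    found = []
    for section in cp.sections():
        if section.lower() != "windows":
            continue
        for key in ("load", "run"):
            value = cp.get(section, key, fallback="") or ""
            # Either line may name several programs, space or comma separated.
            for cmd in re.split(r"[,\s]+", value.strip()):
                if cmd:
                    found.append((f"WIN.INI [windows] {key}=", cmd))
    return found

def run_key_autostart(reg_text):
    """Return (location, command) pairs for values under any ...\\Run key."""
    found, in_run = [], False
    for line in reg_text.splitlines():
        line = line.strip()
        if line.startswith("["):
            in_run = line.strip("[]").lower().endswith(RUN_KEY)
        elif in_run and (m := re.match(r'"(.+?)"="(.*)"$', line)):
            found.append((f"Run key value {m.group(1)}",
                          m.group(2).replace("\\\\", "\\")))
    return found

def unexpected(entries, allowlist):
    """Keep entries whose full command is not on the known-good allowlist."""
    allowed = {a.lower() for a in allowlist}
    return [(loc, cmd) for loc, cmd in entries if cmd.lower() not in allowed]
```

Anything `unexpected()` returns still needs manual review, since an allowlist only shows which autostart entries are not yet accounted for.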
Sub7 may be stopped by antivirus software and a firewall, and with popular operating systems providing these features built in, it may become less of a computer security problem. However, if the executable is compressed, for example by being placed inside a .zip archive, some older antivirus software may not be able to detect it. Most modern antivirus applications can look inside archives, so this problem is now less critical than before. However, Sub7 is still very active, and new undetectable servers are released now and again, but mostly only to people who keep a low profile and don't allow the download to be made public. While most antivirus programs will claim the user is safe, the user could in fact be infected because of the clever ways the server file can hide, as Norton 360 found out in May 2008[1].
Like other backdoor programs, Sub7 is distributed with a server and a client. The server is the program that victims must be enticed to run in order to infect their machines, and the client is the program with a GUI that the user runs on their own machine to control the server. Sub7 allows crackers to set a password on the server, theoretically so that once a machine is owned (infected), no other crackers can take control of it.
Earlier versions, however, announced their availability by joining a secret IRC chat server, where they posted all the details required for their use. They also posted the same details on a newsgroup.[1]
Sub7 has more features than Netbus (webcam capture, multiple port redirect, user-friendly registry editor, chat and more), but it always tries to install itself into the Windows directory and it does not have activity logging. Sub7 is also a bit less stable than Netbus.
However, older versions of the Sub7 server also have a master password, allowing anyone who knows the master password to take over the machine. In some older versions, the master password was 14438136782715101980, but this "feature" was later scrapped.
Some versions of the client contain Hard Drive Killer Pro code, intended to destroy the hard drive of an enemy of the authors. The code checks to see if the computer has ICQ and if the user account matches a specific number (7889118, the ICQ number of Sean Hamilton, a rival trojan author), and if so, bombs the drive. It is rumored that the intended target had his drive destroyed. [2]
Sub7 crew members:
mobman: Creator
fc: Coder
read101: Coder
publicENEMY: Webmaster / Gfx Design / Forums
SubZ: IRC Administrator / Features / Beta Testing
cosmic: Forums / Research / Beta Testing
swamp_rat: Beta Testing
codecorrupted: IRC Support / Forums