From Wikipedia, the free encyclopedia

Developed by: mobman
Latest release: 2.2.0 Beta
Written in: Delphi
Operating system: Microsoft Windows
Type: remote administration
License: freeware
Website: Sub7 website

Sub7, or SubSeven, is the name of a popular backdoor program. It is mainly used for causing mischief, such as hiding the computer cursor, changing system settings or loading up pornographic websites. However, it can also be used for more serious criminal applications, such as stealing credit card details with a keystroke logger. Its name was derived by spelling NetBus backwards ("suBteN") and swapping "ten" with "seven".

Sub7 is usually stopped by antivirus software and a firewall, and with popular operating systems providing these features built in, it may become less of a computer security problem. However, if the executable is compressed, for example by being placed inside a .zip archive, some older antivirus software may not be able to detect it. Most modern antivirus applications can look inside archives, so this problem is now less critical than before.
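The difference between a scanner that reads only raw bytes and one that looks inside archives can be shown with a short Python sketch. This is an added example, not part of the original article and not code from any antivirus product; the marker string, function names and size limits are constructed for illustration.

```python
import io
import zipfile

# Constructed, harmless marker standing in for a real antivirus signature.
SIGNATURE = b"CONSTRUCTED-TEST-SIGNATURE-0001"
MAX_DEPTH = 3                        # stop unpacking deeply nested archives
MAX_MEMBER_BYTES = 10 * 1024 * 1024  # skip members that claim to be huge


def flat_scan(data: bytes) -> bool:
    """Older-style scan: look for the signature in the raw bytes only."""
    return SIGNATURE in data


def archive_aware_scan(data: bytes, depth: int = 0) -> bool:
    """Scan raw bytes, then unpack ZIP members and scan each one recursively."""
    if flat_scan(data):
        return True
    if depth >= MAX_DEPTH or not zipfile.is_zipfile(io.BytesIO(data)):
        return False
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            for info in zf.infolist():
                if info.is_dir() or info.file_size > MAX_MEMBER_BYTES:
                    continue
                if archive_aware_scan(zf.read(info), depth + 1):
                    return True
    except (zipfile.BadZipFile, RuntimeError, NotImplementedError):
        return False  # corrupt or encrypted archive: nothing readable to scan
    return False


def make_zip(name: str, payload: bytes) -> bytes:
    """Build a deflate-compressed ZIP in memory holding one member."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr(name, payload)
    return buf.getvalue()


# Constructed sample: filler bytes around the marker, zipped once and twice.
sample = b"A" * 64 + SIGNATURE + b"B" * 64
zipped = make_zip("sample.bin", sample)
nested = make_zip("inner.zip", zipped)
```

The depth and size limits keep the scanner from being exhausted by heavily nested or oversized archives; anything beyond those limits is not inspected and would need separate handling.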

It was originally designed by someone with the handle mobman, whose whereabouts are currently unknown. This person is suspected to be a woman from South Africa based on greetings contained in the program itself. She is rumored to be uninterested in continuing the project or dead. At any rate, no development has occurred in several years and the website had not been updated in a similar time (last time in April 2004). News messages were added later by "LaT" on April 6, 2006 and "Elecboy" on 05/07/06, but as of Feb 24, 2009 the website is inaccessible.

Like other backdoor programs, Sub7 is distributed with a server and a client. The server is the program that victims must be enticed to run in order to infect their machines, and the client is the program with a GUI that the user runs on their own machine to control the server. Sub7 allows crackers to set a password on the server, theoretically so that once a machine is owned (infected), no other crackers can take control of it.

Sub7 has more features than NetBus (webcam capture, multiple port redirect, user-friendly registry editor, chat and more), but it always tries to install itself into the Windows directory and it does not have activity logging. Sub7 is also a bit less stable than NetBus.

However, older versions of the Sub7 server also have a master password, allowing anyone who knows the master password to take over the machine. In some older versions, the master password was 14438136782715101980 but this "feature" was later scrapped.

Some versions of the client contain Hard Drive Killer Pro code, intended to destroy the hard drive of an enemy of the authors. The code checks to see if the computer has ICQ and if the user account matches a specific number (7889118, the ICQ number of Sean Hamilton, a rival trojan author), and if so, bombs the drive. It is rumored that the intended target had his drive destroyed. [1]
