abstract
| - Sub7, or SubSeven or Sub7Server, is a trojan and a RAT (Remote Administration Tool). Its name was derived by spelling NetBus backwards ("suBteN") and swapping "ten" with "seven".
- Sub7, or SubSeven or Sub7Server, is the name of a Remote Administration Tool (RAT) program. Its name was derived by spelling NetBus backwards ("suBteN") and swapping "ten" with "seven". It was originally designed by someone with the handle 'mobman'. No development had occurred for several years until a new version was scheduled for release on Feb. 28th, 2010. The Sub7 project was dormant for over 6 years until. In October 2009, mobman was alleged to have stated via IRC that, because he was working and going to college full time, he would not be able to help with Sub7. Like other remote admin programs, Sub7 is distributed with a server and a client. The server is the program that the host must run in order to have its machine controlled remotely, and the client is the program with a GUI that the user runs on their own machine to control the server/host PC. Sub7 has more features than NetBus (webcam capture, multiple port redirect, user-friendly registry editor, chat and more), but it always tries to install itself into the Windows directory and it does not have activity logging. In 2006, a website (sub7legedns.com) / (sub7legends.net) with hundreds of thousands of users kept Sub7 alive with clean downloads, support and new software. A new version was created by defcon but not released; only a handful of people knew about it and used it well. Version 2.3 was released on March 9, 2010 by a few users such as read101, fc and others, but it was not tested and proved too buggy, with no support. The website was later hacked by "unnamed" (we should keep it that way), due to a user named fc on opensource. SubSeven 2.3 had been revamped to work on all 32-bit and 64-bit versions of Windows and includes TCP Tunnel and Password Recovery for browsers, instant messengers and email clients, but it is very buggy and untested. SubSeven has been used to gain unauthorized access to computers.
While it can be used for making mischief (such as making sound files play out of nowhere, changing screen colors, etc.), it can also read keystrokes that occurred since the last boot, a capability that can be used to steal passwords and credit card numbers. In 2003, a hacker began distributing a Spanish-language email purporting to be from security firm Symantec that was used to trick recipients into downloading Sub7. Nearly all antivirus programs can detect Sub7 and prevent it from being installed unless steps are taken to hide it.
|