Sub7

Infobox Software
name = Sub7


caption =
developer = mobman
operating_system = Microsoft Windows
latest_release_version = 2.2.0 Beta
latest_release_date =
programming language = Delphi
genre = remote administration
license = freeware
website = [http://www.sub7legends.com Sub7 website]

Sub7, or SubSeven, is the name of a popular backdoor program. It is mainly used by script kiddies for causing mischief, such as hiding the computer cursor, changing system settings or loading up pornographic websites. However, it can also be used for more serious criminal applications, such as stealing credit card details with a keystroke logger. Its name was derived by spelling NetBus backwards ("suBteN") and swapping "ten" with "seven".

Sub7 is usually stopped by antivirus software and a firewall, and with popular operating systems providing these features built in, it may become less of a computer security problem. However, if the executable is compressed, like being placed inside a .zip archive, some older antivirus software may not be able to detect it. Most modern antivirus applications have support to look inside archives, so this problem is now less critical than before.

It was originally designed by Mobman, whose whereabouts are currently unknown. He is rumored to either have diedFact|date=July 2007 or become uninterested in continuing the project. At any rate, no development has occurred in several years. The website was not updated in several years (last time in April 2004), until there suddenly appeared a news message on April 6, 2006. The news was not by Mobman himself, but by someone who goes under the name LaT. Another message has been made as of 05/07/06 by Elecboy (see official site for details).vague

Like other backdoor programs, Sub7 is distributed with a server and a client. The server is the program that victims must be enticed to run in order to infect their machines, and the client is the program with a GUI that the cracker runs on his own machine to control the server. Sub7 allows crackers to set a password on the server, theoretically so that once a machine is owned (infected), no other crackers can take control of it.

Sub7 has more features than Netbus (webcam capture, multiple port redirect, user-friendly registry editor, chat and more), but it always tries to install itself into windows directory and it does not have activity logging. Sub7 is also a bit less stable than Netbus.

However, older versions of the Sub7 server also have a master password, allowing anyone who knows the master password to take over the machine. In some older versions, the master password was 14438136782715101980 but this "feature" was later scrapped.

Some versions of the client contain Hard Drive Killer Pro code, intended to destroy the hard drive of an enemy of the authors. The code checks to see if the computer has ICQ and if the user account matches a specific number (7889118, the ICQ number of Sean Hamilton, a rival trojan author), and if so, bombs the drive. It is rumored that the intended target had their drive destroyed. [http://www.megasecurity.org/Info/sub7_syphillis.html]

External links

* http://subseven.slak.org orig. release site
* http://www.sub7legends.com
* http://www.hackpr.net/~sub7/