sub 7, trojan etc


y2k
October 21st, 2002, 07:24 AM
Just now I reviewed old posts in the antivirus forum. I found out that some of the forums or discussions mentioned sub 7. Someone recommended going to this site, http://www.f-secure.com/v-descs/subseven.shtml, to learn about sub 7. It seems like sub 7 is a trojan. But if I'm not mistaken, someone posted and said:
If my sub 7 can hack .......
Yes, of course I searched for it and could not find an explanation that satisfied me. So is sub 7 a program, a trojan, or a programming language? I don't think it is a programming language, because, I don't know, but I'm pretty sure about it.

Now my next question is:
I have viewed some of the trojan threats and how to remove the trojan. But what I'm wondering is why people explain or make tutorials on how to remove the trojan, or tips on what to do if affected by a trojan, rather than using AV or something. I write this because all of the removal manuals for trojans are for old trojans and I don't think hacker or whatever the name to do the attack.

Thanks for the response and sorry for my bad English.
Thanks again.. :)

tyger_claw
October 21st, 2002, 09:17 AM
Hey,

Sub7 (The original state) is a writing program to create viruses. It's a simple learning tool to write simple code for viruses. Some people have created copies of sub7 and turned them into trojans knowing some script kiddies will be looking for a copy to use, thus infecting them with trojan horses.

As for finding tutorials on removing trojan tutorials, good place to look is with google.com.
Punch in something like "trojan tutorial" or "trojan removal guide" or so.

Here's a great article about trojans. http://www.hackguard.net/trojans.htm
As well, this article from Symantec (Norton) about removal.
http://securityresponse.symantec.com/avcenter/venc/data/trojan.horse.html

valhallen
October 21st, 2002, 10:29 AM
Sub7 (The original state) is a writing program to create viruses. It's a simple learning tool to write simple code for viruses. Some people have created copies of sub7 and turned them into trojans knowing some script kiddies will be looking for a copy to use, thus infecting them with trojan horses.

never heard that before - always thought that it was a backdoor trojan ( well backdoor trojan isn't an accurate description - but neither is it a backdoor virus as a virus is usually defined by its ability to duplicate itself - it only becomes a trojan when bound to another file - hiding its malicious nature....but i will just call it a backdoor trojan anyways ;) ) created by mobman - the version i heard was that mobman set about creating it after fooling around with netbus ( one of the very first backdoor trojans ) - the story i heard was that he simply reversed netbus and got subten which he later changed to subseven

some background info
Inside the SubSeven DEFCON8 Trojan Horse... (http://www.monitor.ca/monitor/issues/vol8iss4/feature4.html)
Deconstructing SubSeven, the Trojan Horse of Choice (http://rr.sans.org/toppapers/subseven.php)
Sub7 demo (http://lockdowncorp.com/trojandemo.html)
sub7 removal (http://www.geocities.com/Pentagon/Quarters/5077/new/sub7guide/)

these are just the first few URLs i turned up with google - there is a lot of information regarding sub7 - its removal, its origins and its history out there - just check google (http://www.google.com) for more....

btw: before people start negin' for this thread i do not support sub7 or its use by kiddiots - am just trying to provide some information...which after all is what AO is all about!

v_Ln

tyger_claw
October 21st, 2002, 12:31 PM
oops! way off on my info. maybe I should start getting some sleep before doing the nightshift at work. thanks for pointing out the mistake v_Ln!

thanks also for the little history lesson! always fun to learn new things! :)

mupp3t
October 21st, 2002, 01:22 PM
Sub7 comes in 3 parts: The actual trojan, the editor for the trojan, and the client.

The trojan is the actual infection that installs itself, and allows the system to be remotely controlled by the client. The client is really REALLY easy to use. Just enter in the IP address of the infected victim, and it connects giving you full access to their computer!!! It has lots of quite humorous abilities such as being able to bring up a black screen on the victim's computer and simulate the scene from the matrix.
The editor, or 'programming language' as described above is just a simple editor of the trojan that edits a number of aspects of the trojan such as start up method and which ICQ to send the victim's passwords to D:.

Personally i recommend playing around with it on friends' computers, but be prepared to scan your whole computer for other viruses installed with sub7.

blackmask
October 21st, 2002, 03:54 PM
You can scan your sys with a trojan remover like proport. In this case the trojan is well known and the port it connects to. So just a netstat can reveal if you are infected or not. BTW thanx for the extra info.

Juridian
October 21st, 2002, 04:05 PM
I would complement that netstat with the output from fport (go to foundstone). Fport can tell you what app is using what ports you are questioning which will make it easier to remove.
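
The netstat-plus-fport check suggested in the two posts above, as an added example that is not part of the original thread: it parses `netstat -ano` style output and ties any socket on a watchlisted port to its owning process. The port numbers are widely documented defaults rather than values from the thread, and the sample output, PIDs and image names are constructed.

```python
import re

# Assumption: widely documented default ports, not values from the thread.
# The server's port can be changed, so a clean result is not proof of absence.
WATCHLIST = {27374: "SubSeven default", 12345: "NetBus default"}

# Constructed `netstat -ano` style output (Windows layout).
SAMPLE_NETSTAT = """\
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       884
  TCP    0.0.0.0:27374          0.0.0.0:0              LISTENING       1432
  TCP    192.168.1.10:1045      203.0.113.7:80         ESTABLISHED     2210
  TCP    192.168.1.10:27374     198.51.100.23:4021     ESTABLISHED     1432
  UDP    0.0.0.0:500            *:*                                    612
"""

# Constructed PID-to-image map, standing in for what fport reports.
SAMPLE_PROCS = {884: "svchost.exe", 1432: "example_unknown.exe",
                2210: "iexplore.exe", 612: "lsass.exe"}

LINE_RE = re.compile(r"^\s*(TCP|UDP)\s+\S+:(\d+)\s+(\S+)\s+(?:([A-Z_]+)\s+)?(\d+)\s*$")

def parse_netstat(text):
    """Return (proto, local_port, remote, state, pid) for each socket line."""
    rows = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if m:
            proto, lport, remote, state, pid = m.groups()
            rows.append((proto, int(lport), remote, state or "", int(pid)))
    return rows

def flag_watchlisted(text, procs, watchlist=WATCHLIST):
    """Flag sockets whose local port is on the watchlist, with the owning image."""
    hits = []
    for proto, lport, remote, state, pid in parse_netstat(text):
        if lport in watchlist:
            hits.append({"port": lport, "state": state, "remote": remote,
                         "pid": pid, "image": procs.get(pid, "unknown"),
                         "why": watchlist[lport]})
    return hits

if __name__ == "__main__":
    for hit in flag_watchlisted(SAMPLE_NETSTAT, SAMPLE_PROCS):
        print(hit)
```

A LISTENING hit means something on the machine is accepting connections on that port; an ESTABLISHED hit also gives the remote address, and the image name is the file to examine and remove.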

Tedob1
October 21st, 2002, 04:08 PM
As to why people are still writing tutorials on removing such an old trojan, it's because although it is very old, as you say, it's still very much used by those new to 'hacking'. They want to impress their friends with the powers they wield over the computers of others less experienced in computing than themselves. These less experienced targets have not yet realized the dangers of running a computer on the internet unprotected and do not want to spend the money for third party protection software. And yes, you are right, anti-virus software does detect and disable sub7.

valhallen
October 21st, 2002, 04:20 PM
Personally i recommend playing around with it on friends' computers, but be prepared to scan your whole computer for other viruses installed with sub7.

heh yeah including HDK (hard drive killer) built in to sub7 binus ( i think if memory serves correctly ) - mobman contacted mumba jumba and with his help installed bound HDK with the sub7 client - not the server!

This had only one purpose however - to erase the hard-drive of some kid that was annoying mobman....HDK would only activate when it found a certain ICQ file containing the kids UIN

you can read about it here (http://www.hackology.com/programs/hdkp/ginfo.shtml)

i apologise for any inaccuracies in my above post - but it has been quite a while since I read about it...

v_Ln

y2k
October 21st, 2002, 07:24 PM
Thank you all for the responses. Well, I was visiting this site http://www.hackguard.net/trojans.htm before I sent this post. It made me curious and scared about all those things; that's why I sent this post. But as far as I'm concerned, how scary it is if you are infected with sub 7. It's just like you give your PC to the hacker. But it has advantages. Well, for me, you can monitor what your kids are doing at home or something. It has pros and cons. So I guess it depends on the hacker and what he wants to do. If they want to do good things, well, for me sub 7 is good software, and if they want to do bad things, then sub 7 is the scariest virus. Am I right?
By the way, thank you for all the information. I appreciate it.

cross
October 21st, 2002, 11:37 PM
Just to throw my 2 cents in:

Sub7 is the illegal form of a RAT (Remote Administrative Tool) and nothing more. Some features added such as cached pw recovery and key logging make it seem more like a trojan, which it's not. Sub7 does not send out anything unless the controller of the interface asks it to do so.

Nothing more than a remote control for your PC (although more useful to those wishing to cause harm)

cwk9
October 22nd, 2002, 12:24 AM
I'm going to have to disagree with you, cross: sub7 is not illegal. It can be used to do illegal things but simply having the client on your computer doesn't break any laws.

Spyder32
October 22nd, 2002, 12:28 AM
That's very true, and if you want a Remote Administration tool that the purpose isn't to cause harm or to be lame, search for Remote Administrator. It is a pretty good way to keep tabs on another computer on a network or another one of your computers and works similar to that of a Trojan, just not meant to cause harm or to destroy things.

mupp3t
October 22nd, 2002, 01:39 AM
For an anti-sub7 program, just use an anti-virus or a firewall.
But to have some fun with the person connecting to your computer, you can use a program called sub007. This sets up a fake sub7 server, which logs the attacker's IP, and can do a number of things back to him. I'm struggling to find a link with more info on it because the school I'm posting from has a lot of site restrictions. I'll post a link later.

It's not really a RAT program for anything but fun. It could never be used in a large company, or do anything really useful. If you want a RAT that's being labeled a virus, download the infamous BO2K (Back Orifice 2000) designed by Cult of Dead Cow (CdC).
BO2K is a really good RAT, but was used by a lot of hackers because of the ease of customisation, and it being free! They could code their own plugins for the 'trojan', making it very powerful. A lot of companies were pissed off that there was a really top notch RAT, for windows, for free. I think that is one major reason it's now labeled a virus by AVs.

Tedob1
October 22nd, 2002, 02:19 AM
i don't think CdC would like you giving credit to 10opt for making BO, not that anybody really cares

s0nIc
October 22nd, 2002, 08:08 AM
Sub7, NetBus, BO2K.. etc etc.. all the same in logic really..
Scripts made by programmers/hackers and used by script kiddies.
none of us here would really consider it as a legit form of hacking since any half-wit computer-literate person can run netstat, send the trojan and click-click-click away. no "RAEL" work is happenin considering its the script does the real work.

tyger_claw
October 22nd, 2002, 11:02 AM
mupp3t & V_Ln,

Thanks for pointing that point out, about HDK. That's what I was talking about, just in serious garble....

I really should switch from nights to day.... :)