-
October 21st, 2002, 06:24 AM
#1
Senior Member
sub 7, trojan etc
Just now I review old post in antivirus forum. I found out that some of the forum or discussion mentioned about sub 7. someone recommended to go to this http://www.f-secure.com/v-descs/subseven.shtml site to know bout sub 7. It seem like sub 7 is a trojan. But if i not mistaken someone posting a post and said
If my sub 7 can hack ......
.
Yes of course I search for it and cannot found explaination satisfied me. So isn't sub 7 is a program or a trojan or programing language but I don't it is a programming language coz dunno but I'm pretty sure bout it.
Now my next question is:
I had view some of the trojan treat and how to remove the trojan. But wat I wondering is why ppl or someone explain or make tutorials how to remove the trojan or tips to do if the effected with trojan neither than using using av or sth. I write this because all of the removing manual for trojan is old trojan and I don't think hacker or what ever the name to do the attack.
Thank for the responce and sorry for my bad english.
thank again..
-
October 21st, 2002, 08:17 AM
#2
Hey,
Sub7 (The original state) is a writing program to create viruses. It's a simple learning tool to write simple code for viruses. Some people have created copies of sub7 and turned them into trojans knowing some script kiddies will be looking for a copy to use, thus infecting them with trojan horses.
As for finding tutorials on removing trojan tutorials, good place to look is with google.com.
Punch in something like "trojan tutorial" or "trojan removal guide" or so.
Here's a great article about trojans. http://www.hackguard.net/trojans.htm
As well, this article from Symantic (Norton) about removal.
http://securityresponse.symantec.com...jan.horse.html
-
October 21st, 2002, 09:29 AM
#3
Sub7 (The original state) is a writing program to create viruses. It's a simple learning tool to write simple code for viruses. Some people have created copies of sub7 and turned them into trojans knowing some script kiddies will be looking for a copy to use, thus infecting them with trojan horses.
never heard that before - always thought that it was a backdoor trojan ( well backdoor trojan isn't an acurate description - but neither is it a backdoor virus as a virus ius usually defined by its ability to duplicate itself - it only becomes a trojan when bound to another file - hiding its malicous nature....but i will just call it a backdoor trojan anyways ) created by mobman - the version i heard was that mobman set about creating it after fooling around with netbus ( one of the very first backdoor trojans ) - the story i heard was that he simply reversed netbus and got subten which he later changed to subseven
some background info
Inside the SubSeven DEFCON8 Trojan Horse...
Deconstructing SubSeven, the Trojan Horse of Choice
Sub7 demo
sub7 removal
these are just the first few url's i turned up with google - the is a lot of information regarding sub7 - its removal, its origins and its history out there - just check google for more....
btw: before people start negin' for this thread i do not support sub7 or its use by kiddiots - am just trying to provide some information...which after all is what AO is all about!
v_Ln
-
October 21st, 2002, 11:31 AM
#4
oops! way off on my info. maybe I should start getting some sleep before doing the nightshift at work. thanks for pointing out the mistake v_Ln!
thanks also for the little history lesson! always fun to learn new things!
-
October 21st, 2002, 12:22 PM
#5
Member
Sub7 comes in 3 parts: The actual trojan, the editor for the trojan, and the client.
The trojan is the actual infection that installs itself, and allows the system to be remotely controlled by the client. The client is really REALLY easy to use. Just enter in the IP adress of the infected victim, and it connects giving you full access to their computer!!! It has lots of quite humouress abilities such as being able to bring up a black screen on the victims computer and simulate the scene from the matrix.
The editor, or 'programming language' as described above is just a simple editor of the trojan that edits a number of aspects of the trojan such as start up method and which ICQ to send the victims passwords to D:.
Personally i recomend playing around with it on friends computers, but be prepared to scan your whole computer for other virus;s instaled with sub7.
-
October 21st, 2002, 02:54 PM
#6
Senior Member
You can scan your sys with a trojan remover like proport.In this case the trojan is well known and the port it connects to .So just a netstat can reveal if your are infected or not.BTW thanx for the extra info.
-
October 21st, 2002, 03:05 PM
#7
I would compliment that netstat with the output from fport (go to foundstone). Fport can tell you what app is using what ports you are questioning which will make it easier to remove.
"When I get a little money I buy books; and if any is left I buy food and clothes." - Erasmus
"There is no programming language, no matter how structured, that will prevent programmers from writing bad programs." - L. Flon
"Mischief my ass, you are an unethical moron." - chsh
Blog of X
-
October 21st, 2002, 03:08 PM
#8
As too why people are still writing tutoriels on removing such an old trojan, its because although it is very old, as you say, its still very much used by those new to 'hacking'. They want to impress their friends with the powers they weild over the computers of others less experianced in computing than themselves. These less experienced targets have not yet realized the dangers of running a computer on the internet unprotected and do not want to spend the money for third party protection software. And yes, you are right anti-virus software does detect and disable sub7
Bukhari:V3B48N826 “The Prophet said, ‘Isn’t the witness of a woman equal to half of that of a man?’ The women said, ‘Yes.’ He said, ‘This is because of the deficiency of a woman’s mind.’”
-
October 21st, 2002, 03:20 PM
#9
Personally i recomend playing around with it on friends computers, but be prepared to scan your whole computer for other virus;s instaled with sub7.
heh yeah including HDK (hard drive killer) built in to sub7 binus ( i think if memory serves correctly ) - mobman contacted mumba jumba and with his help installed bound HDK with the sub7 client - not the server!
This had only one purpose however - to erase the hard-drive of some kid that was annoying mobman....HDK would only activate when it found a certain ICQ file containing the kids UIN
you can read about it here
i appologise for any inacuracies in my above post - but it has been quite a while sent I read about it...
v_Ln
-
October 21st, 2002, 06:24 PM
#10
Senior Member
Thank q all for the respond. well I'm visiting this site http://www.hackguard.net/trojans.htm
before i sent this post. well it make me curios and scared bout all those thing that why I send this post. But as far as I concern is, how scary if u effected with sub 7. It just like u give ur pc to the hacker. But it have the advantages. Well for me u can monitor wat ur kids doing at home or sth. Well have pros and cons. So I guess it depend on the hacker wat he wanna do. If the want do good thing, well for me sub 7 is a good software, and if the want do bad thing, then sub 7 is the scariest virus. am I right.
by the way thank q for all the iformation. I appreciate it
Posting Permissions
- You may not post new threads
- You may not post replies
- You may not post attachments
- You may not edit your posts
-
Forum Rules
|
|