sub 7, trojan etc
Page 1 of 2 12 LastLast
Results 1 to 10 of 17

Thread: sub 7, trojan etc

  1. #1
    Senior Member
    Join Date
    Mar 2002
    Posts
    153

    sub 7, trojan etc

    Just now I review old post in antivirus forum. I found out that some of the forum or discussion mentioned about sub 7. someone recommended to go to this http://www.f-secure.com/v-descs/subseven.shtml site to know bout sub 7. It seem like sub 7 is a trojan. But if i not mistaken someone posting a post and said
    If my sub 7 can hack ......
    .
    Yes of course I search for it and cannot found explaination satisfied me. So isn't sub 7 is a program or a trojan or programing language but I don't it is a programming language coz dunno but I'm pretty sure bout it.

    Now my next question is:
    I had view some of the trojan treat and how to remove the trojan. But wat I wondering is why ppl or someone explain or make tutorials how to remove the trojan or tips to do if the effected with trojan neither than using using av or sth. I write this because all of the removing manual for trojan is old trojan and I don't think hacker or what ever the name to do the attack.

    Thank for the responce and sorry for my bad english.
    thank again..

  2. #2
    Banned
    Join Date
    Mar 2002
    Posts
    968
    Hey,

    Sub7 (The original state) is a writing program to create viruses. It's a simple learning tool to write simple code for viruses. Some people have created copies of sub7 and turned them into trojans knowing some script kiddies will be looking for a copy to use, thus infecting them with trojan horses.

    As for finding tutorials on removing trojan tutorials, good place to look is with google.com.
    Punch in something like "trojan tutorial" or "trojan removal guide" or so.

    Here's a great article about trojans. http://www.hackguard.net/trojans.htm
    As well, this article from Symantic (Norton) about removal.
    http://securityresponse.symantec.com...jan.horse.html

  3. #3
    Flash M0nkey
    Join Date
    Sep 2001
    Posts
    3,447
    Sub7 (The original state) is a writing program to create viruses. It's a simple learning tool to write simple code for viruses. Some people have created copies of sub7 and turned them into trojans knowing some script kiddies will be looking for a copy to use, thus infecting them with trojan horses.
    never heard that before - always thought that it was a backdoor trojan ( well backdoor trojan isn't an acurate description - but neither is it a backdoor virus as a virus ius usually defined by its ability to duplicate itself - it only becomes a trojan when bound to another file - hiding its malicous nature....but i will just call it a backdoor trojan anyways ) created by mobman - the version i heard was that mobman set about creating it after fooling around with netbus ( one of the very first backdoor trojans ) - the story i heard was that he simply reversed netbus and got subten which he later changed to subseven

    some background info
    Inside the SubSeven DEFCON8 Trojan Horse...
    Deconstructing SubSeven, the Trojan Horse of Choice
    Sub7 demo
    sub7 removal

    these are just the first few url's i turned up with google - the is a lot of information regarding sub7 - its removal, its origins and its history out there - just check google for more....

    btw: before people start negin' for this thread i do not support sub7 or its use by kiddiots - am just trying to provide some information...which after all is what AO is all about!

    v_Ln

  4. #4
    Banned
    Join Date
    Mar 2002
    Posts
    968
    oops! way off on my info. maybe I should start getting some sleep before doing the nightshift at work. thanks for pointing out the mistake v_Ln!

    thanks also for the little history lesson! always fun to learn new things!

  5. #5
    Sub7 comes in 3 parts: The actual trojan, the editor for the trojan, and the client.

    The trojan is the actual infection that installs itself, and allows the system to be remotely controlled by the client. The client is really REALLY easy to use. Just enter in the IP adress of the infected victim, and it connects giving you full access to their computer!!! It has lots of quite humouress abilities such as being able to bring up a black screen on the victims computer and simulate the scene from the matrix.
    The editor, or 'programming language' as described above is just a simple editor of the trojan that edits a number of aspects of the trojan such as start up method and which ICQ to send the victims passwords to D:.

    Personally i recomend playing around with it on friends computers, but be prepared to scan your whole computer for other virus;s instaled with sub7.

  6. #6
    Senior Member
    Join Date
    Nov 2001
    Posts
    120
    You can scan your sys with a trojan remover like proport.In this case the trojan is well known and the port it connects to .So just a netstat can reveal if your are infected or not.BTW thanx for the extra info.

  7. #7
    Ninja Code Monkey
    Join Date
    Nov 2001
    Location
    Washington State
    Posts
    1,027
    I would compliment that netstat with the output from fport (go to foundstone). Fport can tell you what app is using what ports you are questioning which will make it easier to remove.
    "When I get a little money I buy books; and if any is left I buy food and clothes." - Erasmus
    "There is no programming language, no matter how structured, that will prevent programmers from writing bad programs." - L. Flon
    "Mischief my ass, you are an unethical moron." - chsh
    Blog of X

  8. #8
    Senior Member
    Join Date
    Nov 2001
    Posts
    4,786
    As too why people are still writing tutoriels on removing such an old trojan, its because although it is very old, as you say, its still very much used by those new to 'hacking'. They want to impress their friends with the powers they weild over the computers of others less experianced in computing than themselves. These less experienced targets have not yet realized the dangers of running a computer on the internet unprotected and do not want to spend the money for third party protection software. And yes, you are right anti-virus software does detect and disable sub7
    Bukhari:V3B48N826 “The Prophet said, ‘Isn’t the witness of a woman equal to half of that of a man?’ The women said, ‘Yes.’ He said, ‘This is because of the deficiency of a woman’s mind.’”

  9. #9
    Flash M0nkey
    Join Date
    Sep 2001
    Posts
    3,447
    Personally i recomend playing around with it on friends computers, but be prepared to scan your whole computer for other virus;s instaled with sub7.
    heh yeah including HDK (hard drive killer) built in to sub7 binus ( i think if memory serves correctly ) - mobman contacted mumba jumba and with his help installed bound HDK with the sub7 client - not the server!

    This had only one purpose however - to erase the hard-drive of some kid that was annoying mobman....HDK would only activate when it found a certain ICQ file containing the kids UIN

    you can read about it here

    i appologise for any inacuracies in my above post - but it has been quite a while sent I read about it...

    v_Ln

  10. #10
    Senior Member
    Join Date
    Mar 2002
    Posts
    153
    Thank q all for the respond. well I'm visiting this site http://www.hackguard.net/trojans.htm
    before i sent this post. well it make me curios and scared bout all those thing that why I send this post. But as far as I concern is, how scary if u effected with sub 7. It just like u give ur pc to the hacker. But it have the advantages. Well for me u can monitor wat ur kids doing at home or sth. Well have pros and cons. So I guess it depend on the hacker wat he wanna do. If the want do good thing, well for me sub 7 is a good software, and if the want do bad thing, then sub 7 is the scariest virus. am I right.
    by the way thank q for all the iformation. I appreciate it

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  

 Security News

     Patches

       Security Trends

         How-To

           Buying Guides