
Thread: Sub7

  1. #1 | Junior Member | Join Date: Mar 2006 | Posts: 17

    Sub7

    All,

    I have been perusing the Sub7 website and had a few questions.

    In order to infect someone with the "server.exe" file, it pretty much means that one has to have no AV at all, right?

    Also, they have a list of start-up options for the malicious file, including registry entries and key-name entries, but also a "less known" method and an "unknown" method. They didn't discuss what those methods were, for reasons they considered obvious (and I guess they are): if they told you publicly what they were, then they could be easily defeated. My question is: does anyone have any idea what these secretive methods are? And are there really any other ways to protect against it, besides AV?
    I killed your cat you druggy b****, I thought it would bring closure to our relationship. --Rocco, Boondock Saints
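    The post above asks about the registry start-up entries such trojans use. The following PowerShell audit is an added example, not part of the original thread or of Sub7's own documentation: it walks the classic Run/RunOnce keys (the well-known autostart locations, assumed here to be the "registry entries" the post refers to), resolves each command line to its executable, and reports whether the target exists and carries a valid Authenticode signature. The helper name `Get-ExePathFromCommand` is mine, and it assumes PowerShell 3 or later on Windows.

```powershell
# Added example: audit the classic registry autostart ("Run") keys.
# Not from the original thread; assumes Windows with PowerShell 3+.

$runKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices'   # Win9x/NT4-era key, usually absent
)

# Properties that Get-ItemProperty adds itself; they are not registry values.
$psMeta = 'PSPath', 'PSParentPath', 'PSChildName', 'PSDrive', 'PSProvider'

function Get-ExePathFromCommand {
    # Hypothetical helper: turn a Run-key command line into the path of the
    # executable it launches. Handles a quoted leading path or a simple
    # first token; an unquoted path containing spaces is only partially resolved.
    param([string]$Command)
    $cmd = [Environment]::ExpandEnvironmentVariables($Command.Trim())
    if ($cmd.StartsWith('"')) {
        $end = $cmd.IndexOf('"', 1)
        if ($end -gt 0) { return $cmd.Substring(1, $end - 1) }
    }
    return ($cmd -split '\s+')[0]
}

function Get-AutostartReport {
    foreach ($key in $runKeys) {
        if (-not (Test-Path -Path $key)) { continue }
        $props = Get-ItemProperty -Path $key
        foreach ($p in $props.PSObject.Properties) {
            if ($psMeta -contains $p.Name) { continue }
            $exe    = Get-ExePathFromCommand ([string]$p.Value)
            $exists = ($exe -ne '') -and (Test-Path -LiteralPath $exe)
            $status = if ($exists) {
                (Get-AuthenticodeSignature -FilePath $exe).Status   # Valid, NotSigned, HashMismatch, ...
            } else {
                'MISSING'    # value points at a file that is not there (stale, or already cleaned)
            }
            [PSCustomObject]@{
                Key     = $key
                Name    = $p.Name
                Command = $p.Value
                Target  = $exe
                Signed  = $status
            }
        }
    }
}

# Unsigned or missing targets are the rows worth a second look.
Get-AutostartReport | Sort-Object Signed | Format-Table -AutoSize
```

    The signature status is a triage hint, not a verdict: plenty of legitimate small utilities are unsigned, and a signed binary can still be abused as a launcher. The keys listed are only the registry start-up locations the post mentions; services, scheduled tasks and the Startup folder are separate checks.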

  2. #2 | Nokia (Right turn Clyde) | Join Date: Aug 2003 | Location: Button Moon | Posts: 1,696
    To be honest with you, mate, I wouldn't bother with Sub7 nowadays. Every single AV will pick it up straight away; every firewall will block it. Plus there are that many "dodgy" versions floating around, you will just end up infecting yourself when you download it.

    Go and google a more up-to-date one!

    There is heaps of documentation about how to use it on the net.

    If you really want to use it though, this site will tell you all you need to know:
    http://www.megasecurity.org/Trojaninfo/sub7_secrets.htm

    // Although it can be quite a good tool when used legitimately!

  3. #3 | nihil (Senior Member) | Join Date: Jul 2003 | Location: United Kingdom: Bridlington | Posts: 17,188
    ntwrkscrty,

    Might I suggest that you redefine your approach?

    Sub-7 is very old hat and should be detected by a whole range of malware detectors? At least the "business end" should be?

    What is interesting here (and perhaps what they are really discussing) is how to launch it (or any similar malware)?

    They mention the normal/traditional methods, I take it? A couple of others would be malware injected into the nodes and spaces of an infected executable, and what I seem to recall are called "datastreams", sort of stuff hidden in the background of NTFS?

    Those could well avoid detection by conventional detectors.

    I agree with Nokia in that the actual back door will be detected, but what about the launch mechanism?

    I also agree that it can be a useful tool when used for legitimate purposes. I have used virus software to distribute application updates before now, because the "toads" would not give me the resource or budget to do it in a respectable manner.

    I would suggest that you stick to Sub-7 though, as it is so old hat it will not get you into trouble?


  4. #4 | Nokia (Right turn Clyde) | Join Date: Aug 2003 | Location: Button Moon | Posts: 1,696
    If you do want to play with it, I would suggest this:

    Get two networked boxes that are nowhere near an Internet connection, install the server on one and the client on the other, then play around with the different settings and methods of installation and learn to your heart's content.

    You could even introduce different AVs and firewalls to see how they handle it, and to try and find a way around them if you really wish to.

    Some of the settings won't work, such as notification via e-mail/ICQ etc., as obviously there is no Internet connection, but the vast majority of its functionality will still be there.

    But when you have finished and go to put the boxes back online, I would advise a bloody good format first!!

    Enjoy!

    / Be aware though that most versions have another backdoor coded into them, to install it on your machine without you noticing. Couple this with the fact that you will need to disable your AV and firewall (or at least configure them to ignore Sub7) and you could have a dangerous backdoor installed! Sub7 may be old, but it can still do a lot of damage!
    Be very selective where you download it from!

  5. #5 | Junior Member | Join Date: Mar 2006 | Posts: 17
    Yeah, Nokia, when I get my motherboard fixed I want to install Server 2003 on it and try to play with that, because I do want to be a sec mgr. I don't really want to play with Sub7; I was just wondering roughly how that worked, because I didn't see much of an explanation on their site. Thanks all. Eric

  6. #6 | s0nIc (Fastest Thing Alive) | Join Date: Sep 2001 | Location: Sydney | Posts: 1,584
    Well, nihil mentioned this:
    "and what I seem to recall are called "datastreams"...........sort of stuff hidden in the background of NTFS?"
    I have seen this in action. It's called Alternate Data Streams, or ADS. A small number of malware use it; so far I've only bumped into 2 of them. It's a pain in the arse to detect/notice unless you know what to look for. Anyway, I don't think I can properly explain how this works, but I can give you this link as a reference.

    http://www.windowsecurity.com/articl...a_Streams.html
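    To make the NTFS alternate data stream mechanism from posts #3 and #6 concrete, here is an added PowerShell walkthrough; it is not from the thread or the linked article. It builds a throwaway file under a temp folder, hides constructed demo text in a named stream, shows that the file's reported size ignores it, then enumerates and removes the stream. The folder name, stream name and the `Find-AlternateStreams` helper are all my own choices; it assumes an NTFS volume and PowerShell 3 or later (the `-Stream` parameter does not exist on FAT volumes or older PowerShell).

```powershell
# Added example: create, detect and remove an NTFS alternate data stream.
# Not from the original thread; assumes NTFS and PowerShell 3+.

$lab  = Join-Path $env:TEMP 'ads-demo'          # scratch folder, assumed writable
New-Item -ItemType Directory -Path $lab -Force | Out-Null
$file = Join-Path $lab 'readme.txt'

# Visible content lives in the default, unnamed stream.
Set-Content -Path $file -Value 'Nothing to see here.'

# Hidden content lives in a named stream. Constructed demo text, not a real binary.
Set-Content -Path $file -Stream 'hidden.bin' -Value 'pretend this is a dropper'

# Explorer, dir and Get-ChildItem report only the unnamed stream's size,
# so the file looks like a 20-odd byte text file.
(Get-Item -Path $file).Length

function Find-AlternateStreams {
    # Hypothetical helper: list every named stream under a directory tree.
    # ':$DATA' is the normal unnamed stream and is filtered out.
    param([string]$Root)
    Get-ChildItem -Path $Root -Recurse -File -Force |
        ForEach-Object {
            Get-Item -Path $_.FullName -Stream * -ErrorAction SilentlyContinue
        } |
        Where-Object { $_.Stream -ne ':$DATA' } |
        Select-Object FileName, Stream, Length
}

# Before cleanup: one row, readme.txt / hidden.bin / <length>.
Find-AlternateStreams -Root $lab

# The hidden stream can be read back directly...
Get-Content -Path $file -Stream 'hidden.bin'

# ...and removed without touching the visible content.
Remove-Item -Path $file -Stream 'hidden.bin'

# After cleanup: no rows.
Find-AlternateStreams -Root $lab
```

    Two things to know before running the scan over a real drive: `dir /R` in cmd.exe lists streams as well, and a `Zone.Identifier` stream on downloaded files is normal (it is the "mark of the web" that browsers write), so the interesting findings are unexpected stream names on unexpected files, not the mere presence of a stream.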
