|Stable release||2.1.5 2003 (March 9th 2003)|
|Operating system||Microsoft Windows|
|Website||SubSeven Official Site|
Sub7, or SubSeven or Sub7Server, is the name of a Remote Administration Tool (RAT) program. Its name was derived by spelling NetBus backwards ("suBteN") and swapping "ten" with "seven".
It was originally designed by someone with the handle 'mobman'. No development had occurred for several years until a new version was scheduled for release on Feb. 28th, 2010. The Sub7 project was dormant for over 6 years until. In October 2009 mobman was alleged to have stated via IRC that, because he was working and going to college full-time, he would not be able to help with Sub7.
Like other remote admin programs, Sub7 is distributed with a server and a client. The server is the program that the host must run in order to have their machines controlled remotely, and the client is the program with a GUI that the user runs on their own machine to control the server/host PC. Computer security expert Steve Gibson once said that with these features, Sub7 allows a hacker to take "virtually complete control" over a computer. Sub7 is so invasive, he said, that anyone with it on their computer "might as well have the hacker standing right next to them" while using their computer.
Sub7 has more features than NetBus (webcam capture, multiple port redirect, user-friendly registry editor, chat and more), but it always tries to install itself into the Windows directory and it does not have activity logging.
In 2006 a website (sub7legedns.com) / (sub7legends.net) with hundreds of thousands of users kept Sub7 alive with clean downloads, support and new software. A new version was created by defcon but not released; only a handful of people knew about it and used it well.
SubSeven 2.3, released on March 9, 2010, was revamped to work on all 32-bit and 64-bit versions of Windows and includes TCP Tunnel and Password Recovery for browsers, instant messengers and email clients.
SubSeven has been used to gain unauthorized access to computers. While it can be used for making mischief (such as making sound files play out of nowhere, changing screen colors, etc.), it can also read keystrokes that occurred since the last boot, a capability that can be used to steal passwords and credit card numbers.
Nearly all antivirus programs can detect Sub7 and prevent it from being installed unless steps are taken to hide it.
- Gibson, Steve. The strange tale of the denial of service attacks on grc.com. 2002-03-05.
- Sub7 analysis from Sophos
- "Symantec report on Sub7". Symantec.com. Retrieved 2012-08-28.