| Stable release | 2.1.5 2003 (March 9th 2003) |
| Operating system | Microsoft Windows |
| Website | SubSeven Official Site |
Sub7, or SubSeven or Sub7Server, is the name of a Remote Administration Tool (RAT) program. Its name was derived by spelling NetBus backwards ("suBteN") and swapping "ten" with "seven".
It was originally designed by someone with the handle 'mobman'. No development occurred for several years until a new version was scheduled for release on Feb. 28th, 2010. The Sub7 project was dormant for over 6 years until. In October 2009, mobman was alleged to have stated via IRC that, due to working and going to college full time, he would not be able to help with Sub7.
Like other remote admin programs, Sub7 is distributed with a server and a client. The server is the program that the host must run in order to have their machines controlled remotely, and the client is the program with a GUI that the user runs on their own machine to control the server/host PC. Computer security expert Steve Gibson once said that with these features, Sub7 allows a hacker to take "virtually complete control" over a computer. Sub7 is so invasive, he said, that anyone with it on their computer "might as well have the hacker standing right next to them" while using their computer.
Sub7 has more features than NetBus (webcam capture, multiple port redirect, user-friendly registry editor, chat and more), but it always tries to install itself into the Windows directory and it does not have activity logging.
In 2006, a website (sub7legedns.com) / (sub7legends.net) with hundreds of thousands of users kept Sub7 alive with clean downloads, support and new software. A new version was created by defcon but not released; only a handful of people knew about it and used it well.
Version 2.3 was released on March 9, 2010 by a few users such as read101, fc and others, but it was not tested and proved too buggy, with no support. The website was later hacked by someone "unnamed" (which we should keep that way), due to a user named fc on opensource.
SubSeven 2.3 had been revamped to work on all 32-bit and 64-bit versions of Windows and includes TCP Tunnel and Password Recovery for browsers, instant messengers and email clients, but it was very buggy and untested.
SubSeven has been used to gain unauthorized access to computers. While it can be used for making mischief (such as making sound files play out of nowhere, changing screen colors, etc.), it can also read keystrokes that occurred since the last boot, a capability that can be used to steal passwords and credit card numbers.
Nearly all antivirus programs can detect Sub7 and prevent it from being installed unless steps are taken to hide it.
- Gibson, Steve. The strange tale of the denial of service attacks on grc.com. 2002-03-05.
- Sub7 analysis from Sophos
- "Symantec report on Sub7". Symantec.com. Retrieved 2012-08-28.