Trojan: SubSeven
Techguy
November 30, 2000, 10:47 pm
Virus type: Trojan
Aliases:
BACKDOOR.TROJAN, TROJ_BACKDOOR, TROJ_BKDOOR.G-1, TROJ_BKDOOR.G-2, TROJ_BKDOOR.G-3, TROJ_BKDOOR.G-4, TROJ_BKDOOR.G-5, TROJ_BKDOOR.G, SUB7
Description:
This is a net hack tool similar to the Back Orifice virus. If the server portion of this virus is active in a computer that is connected to the Internet, a remote user with the correct IP address and the client part of this virus can connect to this infected system and take control of it.
Trigger date 1: Any Day
Trigger condition 1: When the server part of the Trojan is active
Payload 1: Others (weakens system and network security)
Detected by pattern file#: 596 or later
Detected by scan engine#: 2.082 or later
Language:
English
Platform: Win32
Encrypted: No
Details:
This combination of programs serves as a set of remote administration utilities and a hacker tool. Once a remote user has taken control of an infected system, the remote user is capable of doing just about anything on the infected computer - this includes, but is not limited to, complete control of the file, video, and keyboard systems as well as the behavior of the desktop, monitor, speaker, CD-ROM, mouse, and printer. Likewise, the remote user is capable of playing around with the Start button, desktop icons, currently running processes, and all opened windows. The remote user is able to communicate with the infected user via a chat-like window. He/she could download all recorded passwords on the infected computer since startup, and enable/disable the Ctrl-Alt-Del key combination.
The server portion of the program can be configured to send an email or an ICQ message to give out the IP address of an infected system so that the remote user knows what IP address to connect to.
------------------
If we can't fix it, it ain't broke!
Techguy
November 30, 2000, 10:49 pm
SubSeven version history:
EditServer for 1.9 or older features:
PreSet Target Port
PreSet server Password
Attach EXE File
PreSet filename after installation
PreSet Registry Key
PreSet Autostart Methods:
- Registry: Run
- Registry: RunServices
- Win.ini
- Less known method
- Not known method
PreSet Fake error message
PreSet Connection Notify Username
PreSet Connection Notify to ICQ#
PreSet Connection Notify to E-Mail
PreSet Connection Notify to IRC Channel or nickname
1.9 or older features:
Open Web Browser to specified location.
Restart Windows [5 methods]:
- Normal shutdown
- Forced Windows shutdown
- Log off Windows user
- Shutdown Windows and turn off computer
- Reboot System
Reverse/restore Mouse buttons.
Hide/Show Mouse Pointer.
Control Mouse.
Mouse Trail Config.
Set Volume.
Record Sound file from remote mic.
Change Windows Colors / Restore.
Hang up Internet Connection.
Change Time.
Change Date.
Change Screen resolution.
Hide Desktop Icons / Show
Hide Start Button / Show
Hide taskbar / Show
Open CD-ROM Drive / Close
Beep computer Speaker / Stop
Turn Monitor Off / On
Disable CTRL+ALT+DEL / Enable
Turn on Scroll Lock / Off
Turn on Caps Lock / Off
Turn on Num Lock / Off
Connect / Disconnect
Fast IP Scanner
Get Computer Name
Get User Name
Get Windows and System Folder Names
Get Computer Company
Get Windows Version
Get Windows Platform
Get Current Resolution
Get DirectX Version
Get Current Bytes per Pixel settings
Get CPU Vendor
Get CPU Speed
Get Hard Drive Size
Get Hard Drive Free Space
Change Server Port
Set/Remove Server Password
Update Server
Close Server
Remove Server
ICQ Pager Connection Notify
IRC Connection Notify
E-Mail Connection Notify
Enable Key Logger / Disable
Clear the Key Logger Windows
Collect Keys pressed while Offline
Open Chat Victim + Controller
Open Chat among all connected Controllers
Windows Pop-up Message Manager
Disable Keyboard
Send Keys to a remote Window
ICQ Spy
Full Screen Capture
Continuous Thumbnail Capture
Flip Screen
Open FTP Server
Find Files
Capture from Computer Camera
List Recorded Passwords
List Cached Passwords
Clear Password List
Registry Editor
Send Text to Printer
Show files/folders and navigate
List Drives
Execute Application
Enter Manual Command
Type path Manually
Download files
Upload files
Get File Size
Delete File
Play *.WAV
Set Wallpaper
Print .TXT\.RTF file
Show Image
List visible windows
List All Active Applications
Focus on Window
Close Window
Disable X (close) button
Hide a Window from view.
Show a Hidden Window
Disable Window
Enable Disabled Window
Set Quality of Full Screen Capture
Set Quality of Thumbnail Capture
Set Chat font size and Colors
Set Client’s User Name
Set local ‘Download’ Directory
Set Quick Help [Hints]
EditServer for 2.0 new features:
Protect server's Port and Password once installed
Melt server when executed
Protect server settings with a password
features added in 2.0
Restart server
Aol Instant Messenger Spy
Yahoo Messenger Spy
Microsoft Messenger Spy
Retrieve list of ICQ uins and passwords
Retrieve list of AIM users and passwords
App Redirect
Edit file
Perform clicks on victim's desktop
Set/Change Screen Saver settings [Scrolling Marquee]
Restart Windows [see below]
Ping server
Compress/Decompress files before and after transfers
The Matrix
Ultra Fast IP scanner [thanks to Blade's TH]
IP Tool [Resolve Host names/Ping IP addresses]
Get victim's home info [not possible on all servers]:
- Address
- Business name
- City
- Company
- Country
- Customer type
- E-Mail
- Real name
- State
- City code
- Country code
- Local Phone
- Zip code
Configure Client colors
Configure menu options [add/delete pages, change names]
Automatically Display Image when downloaded [jpg,bmp]
Automatically edit files when downloaded [txt,bat]
Change port numbers for The Matrix, Keylogger and Spies
Retrieve "SubSeven message of the day"
EditServer for 2.1 changes
customizable colors
change server ICON
pick random port on server startup
irc bot configuration
features added in 2.1
address book
WWP Pager Retriever
UIN2IP
remote IP scanner
host lookup
get Windows CD-KEY
update victim from URL
ICQ takeover
FTP root folder
retrieve dial-up passwords along with phone numbers and usernames
port redirect
IRC bot. for a list of commands, click here
File Manager bookmarks
make folder, delete folder [empty or full]
process manager
text 2 speech
clipboard manager
EDITSERVER CHANGES
------------------
If we can't fix it, it ain't broke!
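The EditServer list above names three autostart methods: Registry Run, Registry RunServices, and Win.ini. The following is an added example, not part of the original posts, of auditing those three locations from a defender's side. It assumes a text registry export and a copy of win.ini as input, the standard HKLM `...\CurrentVersion\Run` and `RunServices` keys, and a hypothetical allowlist of known-good binaries; all sample data is constructed.

```python
import configparser
import re

# Constructed sample inputs for illustration (not from a real system).
SAMPLE_REG = r'''
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SystemTray"="SysTray.Exe"
"Updater"="C:\\WINDOWS\\example-a.exe"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServices]
"Loader"="example-b.exe /quiet"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\Foo]
"DisplayName"="Foo"
'''
SAMPLE_WIN_INI = "[windows]\nload=\nrun=C:\\WINDOWS\\example-c.exe\n\n[fonts]\n"

AUTOSTART_KEYS = ("\\currentversion\\run", "\\currentversion\\runservices")
ALLOWLIST = {"systray.exe"}  # assumed baseline of known-good binaries

def binary_name(command):
    """Lower-cased file name of the program a command line starts."""
    cmd = command.strip()
    first = cmd.split('"')[1] if cmd.startswith('"') else (cmd.split() or [""])[0]
    return re.split(r"[\\/]", first)[-1].lower()

def registry_autostarts(reg_text):
    """Yield (location, value name, command) for Run / RunServices values."""
    key = ""
    for line in map(str.strip, reg_text.splitlines()):
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]
        elif key.lower().endswith(AUTOSTART_KEYS):
            m = re.match(r'"(.+?)"="(.*)"$', line)
            if m:  # undo .reg escaping (\\ and \") in the value data
                yield key.rsplit("\\", 1)[-1], m.group(1), re.sub(r"\\(.)", r"\1", m.group(2))

def win_ini_autostarts(ini_text):
    """Yield (location, option, command) for win.ini [windows] load= / run=."""
    ini = configparser.ConfigParser(strict=False, allow_no_value=True, interpolation=None)
    ini.read_string(ini_text)
    for opt in ("load", "run"):
        for cmd in re.split(r"[,\s]+", ini.get("windows", opt, fallback="") or ""):
            if cmd:
                yield "win.ini", opt, cmd

def unknown_autostarts(reg_text, ini_text, allowlist=ALLOWLIST):
    """Autostart entries whose binary is not on the allowlist."""
    entries = [*registry_autostarts(reg_text), *win_ini_autostarts(ini_text)]
    return [e for e in entries if binary_name(e[2]) not in allowlist]
```

Calling `unknown_autostarts(SAMPLE_REG, SAMPLE_WIN_INI)` returns the three constructed entries that are not on the allowlist; the win.ini parser splits on spaces and commas, so it expects short (8.3) paths without spaces.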
Techguy
November 30, 2000, 10:54 pm
Subseven "News"
Sunday, May 21
one of the many new features of 2.2 will be A WHOLE NEW CONCEPT IN INFECTION. UNKNOWN. soon to be announced, watch this space.
if you didn't notice already, the new official SubSeven irc server is located at: subseven.mine.nu (don't send server bcasts or bots to this irc network, you'll lose them. users caught doing it will be banned). for help with the irc server, click here for the official SubSeven IRC help page (currently being constructed)
NEW 2.2 client interface screenshots coming soon.
a group of guys called the "DJO-D" are now working on a java-client. click here to take a look
Thursday, June 1
a new client has been released including a few new features and a bug fix. a new server will be released tomorrow or in 2 days, which will fix a few bugs like aim spy/icq spy for icq2k/offline keylogger. the new client features a new "delete skin" feature to erase a skin from the hard drive completely, a "password bypasser" feature to login to servers even if you forgot the password, or if you're infected and the server is password protected, and a bug fix in the "cached passwords" window. the latest server posted on the site is not affected by the "password bypasser" feature, and neither will future versions be. most users shouldn't be affected by it, they should already know NOT to use the default port for infection. the feature is only included to be used to restore forgotten passwords, or to remove local servers. do NOT abuse it, do NOT steal other people's servers. click here to get the new client. [special greetz included for my favourite buddies out there, you know who you are]
Thursday, June 2
SubSeven 2.1 Bonus has been released. in addition to the new client features and fixes mentioned below, the following changes have been made: fixes in the new server: irc bot - join command (on old servers, the bot couldn't join a channel if you specified a # in front of the channel name), aim spy (minor fixes), icq spy (now works for icq2000), offline keylogger (works properly now). additions: a new command has been added to the irc bot. "visit [url]" (useful for banner clicking. the command can be used in a channel only). go to the download section to get it.
REMEMBER, in the client: to use the "password bypasser" feature, just enter a BLANK password when prompted. don't type anything, just hit enter or click ok. also remember, not all servers are affected. latest patch posted on the site, along with today's release are NOT affected.
Thursday, July 13
we're all still here. there are two reasons this site hasn't been updated lately:
1. as some of you might've noticed, we've been having problems with the domain; all of which should be fixed by now
2. i'm sure no one likes to see a "working on 2.2, will be out soon" message every single day.
2.2 is still getting there... screenshots will be posted soon as promised.
a new sub7 help site is up, check it out at **** [by Turbo_Kazzam]
the skins page is _still_ up, check it out here.
Thursday, July 20
the skins page has been fixed. new URL: ***
Saturday, July 29
if you're planning on going to DEFCON 8 tomorrow, check out the talk about backdoors. a special 2.1 version will be handed out by swamp rat and HeLLfiReZ.
Wednesday, September 6
got a lot of emails asking to update the site, so here we go:
- the text2speech link has been fixed.
- the skins page has been fixed. click here for the new page [requires netscape 6 beta]
- as for 2.2... it will be out when it's done. the crew members and a couple of other people will be receiving a beta version soon. along with that screenshots will be posted on this site.
Friday, September 15
a new 2.1 server has been released... you can download it here, here or here.
this server is to repair the problem of not receiving ip notifications on icq.
icq banned pagers from sub7 and various other trojans by banning on a different criteria. we have now identified the criteria that they were banning on and released this fixed version.
remember, if you want to keep your servers, don't rely on icq notifications, always use a second notify method for backup.
there is also a new port. the new default port is 6667
other changes:
* improved e-mail notify
* improved irc notify
* randomized irc notify ident
Monday, October 2
2.2 beta 2 has been released to the crew members... it's a CREW beta ONLY, so don't ask to test it.
i made up a small page with a couple of screenshots of the new client... click here to check it out. it's not the final version, it's only about 70% done... stuff will most likely be added/removed to/from it.
the latest release of 2.1 was incompatible with the client [used different compression methods for files in client and server], and because of that you couldn't download any files. because of that it has been removed from the site... you can still receive icq pagers with older versions if you have icq2000a or b.
------------------
If we can't fix it, it ain't broke!
Techguy
December 21, 2000, 10:30 am
December notes:
Tuesday, December 19
got quite a few emails from people about the whole sub7crew members quitting deal. lot of people don't know what exactly the crew does.
the sub7crew does not help with the programming part [though some of them will help with the plugins and a few things in 2.2]. they help users who are having problems with sub7 through email/irc, they test beta versions, come up with ideas, etc.
some of them have "officially" quit the crew... that doesn't mean they're not involved with sub7 anymore.
Monday, December 11
what do you do when you have to choose between working on a freeware project [and keeping the fans happy] and taking on a few easy work-at-home-for-a-shitload-of-money jobs? you tell the fans to wait a little and have some fun.
Sub7 will be delayed. i've been working part time on sub7 for the last couple of months. it was either that or turning sub7 into a commercial product.
believe it or not, i've been contacted to work on different programs because of what i did with sub7. and they say backdoors/trojans/rats aren't good for anything. and i wasn't the only one, a few sub7 crew members make at the present, and will make in the future a living out of it.
does this mean you'll have to wait a year for a new version of sub7? no.
initially i was planning a surprise... a release a couple of days before christmas, but final exams and a recent death of a relative made that almost impossible. note the use of the word "almost"... you never know.
expect a couple of changes around, starting with a new site design... soon.
as for 2.2... remember: it won't be just a redesigned 2.1 with plugins and new features. it's not my style to brag about new stuff. one thing's for sure though, good things are coming.
------------------