Kevin Poulsen, SecurityFocus 2001-03-13
SubSeven 2.2 makes Back Orifice look tame.
Behind of firewall.
2001-03-13
marceloreyes (at) netscape (dot) net [email concealed] (3 replies)
The trojan backdoors, I think, are not effective because the firewall
blocks incoming ports and it is very difficult to access the server (trojan)
for outside connections, only receiving information is capable, port
what the firewall allow to outside, and the information what can the
client receive is...
Behind of firewall.
2001-03-14
Someone (2 replies)
If the listening port is opened when the machine boots up, before the Firewall software boots up, the open port is ignored. Thus, connections are made 'through' firewalls....
Behind of firewall.
2001-03-15
youps (at) hotmail (dot) com [email concealed] (1 replies)
Actually, that's not right if the firewall is well configured, you must activate the "control IP forwarding" on the firewall, to disable routing until the firewall service is up and running.
The true problem with FW1 Checkpoint is that the DNS rules are enabled by default from any source to any de...
Behind of firewall.
2001-03-16
mailsander (at) gmx.net (dot) no-s [email concealed]pam (1 replies)
An old 386 with linux/bsd installed will work perfectly as a shield against trojans listening on a port. Almost everyone will have such a system lying around somewhere, and most free *nix distros will have firewalling preconfigured.
For this setup to be circumvented, a trojan will have to activ...
Behind of firewall.
2001-03-22
Karmic Resonance
If you believe that firewalls are sufficient defense against trojans you are a prime target. Please tell me you have disabled Net BIOS at least. As the others have replied, firewalls need to be properly configured. Some hackers can and will directly engage a firewall in an attack, get around it or ...
Subseven is also an excellent legitimate RAT...
2001-03-14
SilenceGold
Don't forget that fact.
This story just has the same concept as those news about school shootings. Subseven and guns can be dangerous but they can be more useful and helpful when it's used by a person who knows what he/she's doing.
Subseven is just heavily abused because it's very easy to unde...
Subseven 2.2 IS NOT A REMOTE ADMINISTRATION TOOL!!!
2001-03-14
David Mills (1 replies)
The "New SubSeven Trojan unleashed" mentions the use of subseven as a remote administration tool - this is NOT a good idea as it leaves a nasty security backdoor even if a password is assigned - allowing the author of Subseven 2.2 (Aka mobman) + anyone else who knows a so called "master password" to...
Subseven 2.2 IS NOT A REMOTE ADMINISTRATION TOOL!!!
2001-03-14
SilenceGold (2 replies)
How isn't Subseven 2.2 a remote administration tool? Look up what a remote administration tool means before you say something further.
Also, if you believe that 2.2 got some sort of backdoor in it. Prove it. Of course I'm aware that 2.1, 2.1a, 2.1 gold, and 2.1 muie had master passwords on tho...
MASTER PASSWORD?
2001-03-15
Concerned (1 replies)
I took a look at the new version........Zone Alarm asked if I wanted to give it permission to act as a SERVER.
p.s...YES I am sure I only clicked on the CLIENT!...
RE: Subseven 2.2 IS NOT A REMOTE ADMINISTRATION TOOL!!!
2001-03-16
CL
Look at Y3K.
Subseven IS and always will be seen as a BAD Program and will never be seen as a GOOD program, because that is what it was intended for. You might say that it could be used for good but you know it will never be used for that and you know YOU will never use it for GOOD too.
From a...
not safe
2001-03-15
av
The statement that "In any event, users who don't accept executables (files ending in the suffix .exe) from strangers are safe from the Trojan," is completely untrue. Malicious scripts could be executed via Windows Scripting Host (*.vbs or *.wsh files) thereby forcing virtually any command to be run...
Subseven Startup
2001-03-15
Dark Avenue (4 replies)
The new release Subseven 2.2 is an excellent R.A.T as well as a backdoor. But is giving problems on win NT server Machines....It Does not execute at startup....Mobman..R U listening....Anyway...a great trojan of all times...Hail Subseven..
Dark Avenue...
Subseven Startup
2001-03-17
Anonymous
The simple reason why SubSeven doesn't start correctly on NT systems is because of the various security stuff that NT uses (for example, registry security settings) and because of the way NT handles some files (more secure than the Home User Windows 95/98/Me).
So who says mobman can't code?...
Subseven Startup
2001-03-22
Karmic Resonance
If the server is not executing on start up, it may be the fault of two things, in my experience. First (and most probably) it is the new 2.2 coding. The new coding may have errors which have not been fully explored by its creator. Even mobman stated on his site that he was rushed to release 2.2 and...
Norton found 2.2 in 2.1 download???
2001-03-15
RT
I may be confused, but I downloaded 2.2 and then just for reference 2.1....that's when Norton advised there was a 2.2 signature in 2.1 *** I wonder if there is a 2.2 server bound to 2.1 client?
I'll definitely take these apart a little to see what gives.
I just hope it's clean, so I can use it for...
You appear a little confused.
2001-03-16
HeLLfiReZ Sub7 Developer
It appears there is much confusion here judging by the varied postings I have just read.
Yes SubSeven is a remote administration tool (legit or not legit) you decide. A gun or a hammer can be used for either legitimate purposes or illegitimate purposes and that decision lies with the end user. We ...
I think I got hit by it... tips for other victims.
2001-03-16
kilonad (at) hotmail (dot) com [email concealed]
This version's quite a pain in the a$$ to remove. I've only had to deal with one backdoor virus on my computer before, but this one slipped past Norton (though I admit the definitions are a little out of date). Basically, it adds a few registry entries claiming to be "RunDLL32" while not actually ...
PLEASE stop referring to sub7 as if it were masterfully coded
2001-03-16
skweek
... because it isn't. Servers go down, servers fail to run on startup, even without a firewall any observant user will notice the extra traffic going through their connection, and the idea of ANY currently available trojan being undetectable is a joke: just run "netstat -a" from a command prompt an...
Using Sub7 legitimately
2001-03-19
dafunks (1 replies)
I for one use the program legitimately on a regular basis. It gives me access to my system from a remote computer when I need to either lift or upload to it. I choose this product because:
1) It is free
2) The server can be manipulated to my personal security settings, by myself to a much greater...
sub seven is tame
2001-03-20
The Achtzhen
the program just makes a random exe file into the windows directory (e.g. axis.exe) and on the win.ini file (which can be run on the notepad) and on the 5th line of it puts this:
[windows]
skipmouseredetect=0
NullPort=None
device=x.
run=axis.exe <-----
you just delete the exe file spe...
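A defender-side check for the win.ini persistence described in the comment above, as an added example that is not part of the original post. The function names are hypothetical, `load=` is included as the sibling legacy autostart key, and the sample file is constructed from the lines quoted in the comment.

```python
import re

AUTOSTART_KEYS = {"run", "load"}  # legacy [windows] keys that start programs at logon

def winini_autostart(text):
    """Return [(key, program), ...] for run=/load= entries in the [windows] section."""
    found, section = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):       # blank line or INI comment
            continue
        header = re.fullmatch(r"\[([^\]]+)\]", line)
        if header:
            section = header.group(1).strip().lower()
            continue
        if section != "windows" or "=" not in line:
            continue                                # same key elsewhere is not autostart
        key, _, value = line.partition("=")
        key = key.strip().lower()
        if key not in AUTOSTART_KEYS:
            continue
        # Assumption: programs are separated by spaces or commas (no spaces in paths).
        for prog in re.split(r"[,\s]+", value.strip()):
            if prog:
                found.append((key, prog))
    return found

def unexpected(entries, allowlist=()):
    """Drop entries whose program name is on the administrator's allowlist."""
    allowed = {name.lower() for name in allowlist}
    return [(k, p) for k, p in entries if p.lower() not in allowed]

# Constructed sample, modelled on the win.ini lines quoted in the comment.
SAMPLE_WIN_INI = """\
[windows]
skipmouseredetect=0
NullPort=None
device=x.
run=axis.exe
load=

[Desktop]
run=ignored.exe
"""

if __name__ == "__main__":
    for key, prog in unexpected(winini_autostart(SAMPLE_WIN_INI)):
        print(f"review: {key}= starts {prog}")
```
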
Sub7
2001-03-21
surferUSA
Sub7 also has a very small "uploader" file that can be placed on your hard drive by you clicking a URL link on a website ... then the Sub7 files are auto or command uploaded later and self install. I think I got it on a site by clicking a pic link. So it's more than just opening an e-mail attachmen...
SubSeven is the Powerhouse.
2001-03-21
C Y B E R C O N
This program can be used to either help or hurt. I have noticed that it gives the would-be hackers (script kiddies) a chance to make themselves feel powerful as well. I hear it is a fun tool to mess around with but if I know if I could get away with being bad on the internet then I damn sure would d...

"In any event, users who don't accept executables (files ending in the suffix .exe) from strangers are safe from the Trojan."
Is totally untrue, and most likely the author of this article understands that. With security holes like the Outlook date field overflow and various othe...