New SubSeven Trojan unleashed
Kevin Poulsen, SecurityFocus 2001-03-13

SubSeven 2.2 makes Back Orifice look tame.

You are not 'safe' 2001-03-13
Anonymous
Behind of firewall. 2001-03-13
marceloreyes (at) netscape (dot) net (3 replies)
Behind of firewall. 2001-03-14
Someone (2 replies)
Behind of firewall. 2001-03-15
youps (at) hotmail (dot) com (1 replies)
Behind of firewall. 2001-03-16
mailsander (at) gmx.net (dot) no-spam (1 replies)
Behind of firewall. 2001-03-16
Futien
Behind of firewall. 2001-03-25
Metallist
Behind of firewall. 2001-03-22
Karmic Resonance
Re: Behind of firewall. 2007-04-20
Anonymous
Safe? 2001-03-14
FS
Subseven 2.2 IS NOT A REMOTE ADMINISTRATION TOOL!!! 2001-03-14
David Mills (1 replies)
Subseven 2.2 IS NOT A REMOTE ADMINISTRATION TOOL!!! 2001-03-14
SilenceGold (2 replies)
MASTER PASSWORD? 2001-03-15
Concerned (1 replies)
MASTER PASSWORD? 2001-03-16
CL
not safe 2001-03-15
av
Subseven Startup 2001-03-15
Dark Avenue (4 replies)
Subseven Startup 2001-03-16
cPtHoWdY
Subseven Startup 2001-03-17
Anonymous
Subseven Startup 2001-03-22
dan
Subseven Startup 2001-03-22
Karmic Resonance
You appear a little confused. 2001-03-16
HeLLfiReZ Sub7 Developer
I think I got hit by it... tips for other victims. 2001-03-16
kilonad (at) hotmail (dot) com
PLEASE stop referring to sub7 as if it were masterfully coded 2001-03-16
skweek
... because it isn't. Servers go down, servers fail to run on startup, even without a firewall any observant user will notice the extra traffic going through their connection, and the idea of ANY currently available trojan being undetectable is a joke: just run "netstat -a" from a command prompt and if you see any port listening that shouldn't be, investigate. The SubSeven client is ugly, the server is now quite small but the new plugin system unstable, the whole thing is just too hit-and-miss in terms of reliability to be user friendly. I actually think 2.1 was better because quite simply more of it worked well... although the forthcoming bugfixed 2.2 remains to be seen.

I'm also convinced that using the SubSeven client on my machine caused ICQ to malfunction; I get recurring DLL errors which I managed to fix once only to have them reappear, and SubSeven is the only third-party software which makes use of the ICQ API which I have used any time recently.

The professionalism of "mobman" is also a complete joke; he embedded a hard-drive killing program (which he did not himself write) into the 2.1 client and used it to literally sabotage the development of a promising rival trojan, Syphillis. The project was discontinued after source code was lost; the website for the currently unreleased continuation, Revenant, has been down for some time now and I wouldn't be surprised if mobman was involved in that somehow.

There are more stable trojans out there with similar feature sets, smaller server sizes (often attained by similar but more reliable plugin systems), and some with more personally worrying and potentially damaging features: "711", for example, facilitates spying on phone calls conducted over a victim's ISDN line.

however.. 2001-03-18
ahmed rhashad muhammed aleki
Using Sub7 legitimately 2001-03-19
dafunks (1 replies)
Re: Using Sub7 legitimately 2007-06-19
Anonymous
sub seven is tame 2001-03-20
The Achtzhen
Sub7 2001-03-21
surferUSA
SubSeven is the Powerhouse. 2001-03-21
C Y B E R C O N







 

Copyright 2009, SecurityFocus