It's not that it 'broadcasts' to an IRC channel, people have IRC bots in
large channels that scan your IP for the existence of Sub7, BO, etc. It
then says [Sub7 Detected on 0.0.0.0] (example). People sit in these
channels waiting for new IP address to screw around with.
However I have never looked at Sub7, it it does broadcast the IP to an IRC
channel, please let me know.
Erik Tayler
14x Network Security
http://www.14x.net
On Thu, 8 Jun 2000, Matthew F. Caldwell wrote:
> Sub7 Information:
>
> The subseven trojan can be downloaded from: http://subseven.slak.org
> This is a very powerful trojan for win95/98. The Internet Relay Chat (IRC)
> client will broadcast the IP of the infected system, the port number of
> the trojan and the password needed to connect on the designated port.
>
> Matthew F. Caldwell, CISSP - Senior Consultant
> -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
> Guarded.Net - An Information Security Company
> connect(); to the future of secure computing!
> Email: matt.caldwell_at_guarded.net
> -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
> http://www.guarded.net
> ---------------------------------------------------------------------------
> This e-mail may contain proprietary commercial information and is intended
> for the addressed recipient(s) only. If you are not an addressed
> recipient of this e-mail and have received it in error, you must delete
> it. You may not forward or disseminate information contained in this
> e-mail without permission from Guarded.Net.
> Questions? Contact legal_at_guarded.net
> ---------------------------------------------------------------------------
>
>
> On Mon, 5 Jun 2000, Khan, Mansoor wrote:
>
> > I was wondering if any one has any experience with this Trojan (Sub-7).
> > I am interested in finding out if it sends info through a general
> > broadcast to chat rooms. Additionally, what specific info does it send
> > (from a w-95 machine) e.g. registry settings, user ids and passwords
> > etc.
> >
> > Thanks,
> >
>
Received on Jun 10 2000
Intro
