Security Incidents mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Sub-7

From: mistral () STEVENSON ZETNET CO UK (James Stevenson)
Date: Thu, 8 Jun 2000 10:36:12 GMT

[This message has also been posted.]

Hi

it connects to an irc server and joing a room that the infector
chooses and then advestises your ip with the user / password to the tojan
i am about to try to create a fake Sub7 Trojan in c for linux if anyone would be
intrested to try i also think from what i have found out about the protocol
that it is possinble to crash the client and make it do horroble things in return :)

just so that you can waste peoples time trying to use it and also have them
on long enough to try and report them to there isp

cya
        James

On 8 Jun 2000 10:26:56 -0000, Khan, Mansoor <Mansoor.Khan () INVESTORSGROUP COM> wrote:

I was wondering if any one has any experience with this Trojan (Sub-7).
I am interested in finding out if it sends info through a general
broadcast to chat rooms.  Additionally, what specific info does it send
(from a w-95 machine) e.g. registry settings, user ids and passwords
etc.

Thanks,




--
---------------------------------------------
Check Out: http://www.users.zetnet.co.uk/james/
E-Mail: mistral () stevenson zetnet co uk
 10:30am  up 3 days, 23:09,  3 users,  load average: 0.40, 1.35, 0.95
Previous By Date Next
Previous By Thread Next

Current thread: