Sub Seven Virus Essay, Research Paper
Imagine this, you?re at home playing on the computer when suddenly your cd drive opens. You brush it off as it were nothing unusual but then a few minutes go by and out of nowhere you printer starts printing a page that says “you have a virus that allows people total access your files.” You begin to panic when a message window pops up and it?s the person that printed that out. He tells you that the virus you have is called the subseven virus.
I didn’t have to hard of a time imagining that situation because it really happened to me. The guy that informed me of having the virus told me where I could download the program to access people files. So I, being the curious type downloaded and proceeded to get into people’s computers. I have to admit it is pretty fun messing with people. I didn?t delete anyone?s files I just looked around and when I was done having a little fun with the person I told them that they had the subseven virus.
The operating program was well developed. It has a lot of options some of these options include flipping the victim?s screen, take control of mouse, revealing cached passwords, open cd rom drive, disable keyboard, turn monitor off, and much much more. My personal favorite option was the ability to access the c-drive and see what the person has on their computer.
Subseven was discovered in May 1999. The creator calls himself ?Mobman.? Subseven is a Windows 9x Internet Backdoor trojan. When running it gives virtually unlimited access to the system over the Internet to anyone running the appropriate client program. Subseven uses a person?s ip address to access the system. It installs three files onto the computer. The first being NODLL.EXE which is installed into the windows folder and is used to load the trojan server. The next file is known as BackDoor-G.srv. This one is also installed into the windows folder and is the actual trojan that receives and carries out the commands from the client program. This file is usually the first file the user gets. The next file is used by the trojan server program to watch for connections to the internet from the client software. This file is identified as BackDoor-G.dll. The Trojan also registers the file extension .dl as an executable file type that can be run by the operating system just like any .exe file. This allows the attacker to download files onto the victims system and run them. Because the extension is not usually associated with executable files some virus scanners will not scan these files and the victim will not suspect these files.
You may be asking yourself ?How can I tell if I have the virus?? Well here are some indications that you?ve been infected. Files copied to the local system, changes to system registry, and strange or unexplained dialogue boxes on the machine with conversation or keystrokes entered without your instructing to do so.
I hope my report gave you some new insight on a tricky little virus that can really mess up your computer. I have added the full list of options on the subseven program.
Fun Manager
———–
1. Open Web Browser to specified location.
2. Restart Windows.
3. Reverse Mouse buttons.
4. Hide Mouse Pointer.
5. Move Mouse.
6. Mouse Trail Config.
7. Set Volume.
8. Record Sound file from remote mic.
9. Change Windows Colors / Restore.
10. Hang up Internet Connection.
11. Change Time.
12. Change Date.
13. Change Screen resolution.
14. Hide Desktop Icons / Show
15. Hide Start Button / Show
16. Hide taskbar / Show
17. Opne CD-ROM Drive / Close
18. Beep computer Speaker / Stop
19. Turn Monitor Off / On
20. Disable CTRL+ALT+DEL / Enable
21. Turn on Scroll Lock / Off
22. Turn on Caps Locl / Off
23. Turn on Num Lock / Off
Connection Manager
——————
1. Connect / Disconnect
2. IP Scanner
3. IP Address book
4. Get Computer Name
5. Get User Name
6. Get Windows and System Folder Names
7. Get Computer Company
8. Get Windows Version
9. Get Windows Platform
10. Get Current Resolution
11. Get DirectX Version
12. Get Current Bytes per Pixel settings
13. Get CPU Vendor
14. Get CPU Speed
15. Get Hard Drive Size
16. Get Hard Drive Free Space
17. Change Server Port
18. Set Server Password
19. Update Server
20. Close Server
21. Remove Server
22. ICQ Pager Connection Notify
23. IRC Connection Notify
24. E-Mail Connection Notify
Keyboard Manager
—————-
1. Enable Key Logger / Disable
2. Open Key Logger in a remote Window
3. Clear the Key Logger Windows
4. Collect Keys pressed while Offline
5. Open Chat Victim + Controller
6. Open Chat among all connected
Controllers
———–
1. Windows Pop-up Message Manager
2. Disable Keyboard
3. Send Keys to a remote Window
Misc. Manager
————-
1. Full Screen Capture
2. Continuous Thumbnail Capture
3. Flip Screen
4. Open FTP Server
5. Find Files
6. Capture from Computer Camera
7. List Recorded Passwords
8. List Cached Passwords
9. Clear Password List
10. Registry Editor
11. Send Text ot Printer
File Manager
————-
1. Show files/folders and navigate
2. List Drives
3. Execute Application
4. Enter Manual Command
5. Type path Manually
6. Download files
7. Upload files
8. Get File Size
9. Delete File
10. Play *.WAV
11. Set Wallpaper
12. Print *.TXT\*.RTF file
13. Show Image
Window Manager
————–
1. List visible windows
2. List All Active Applications
3. Focus on Window
4. Close Window
5. Disable X (close) button
6. Hide a Window from view.
7. Show a Hidden Window
8. Disable Window
9. Enable Disabled Window
Options Menu
————-
1. Set Quality of Full Screen Capture
2. Set Quality of Thumbnail Capture
3. Set Chat font size and Colors
4. Set Client’s User Name
5. Set local ‘Download’ Directory
6. Set Quick Help
7. Set Client Skin
8. Set Fun Manager Skin
Edit Server
———–
1. PreSet Target Port
2. PreSet server Password
3. Attach EXE File
4. PreSet filename after installation
5. PreSet Registry Key
6. PreSet Autostart Method:
Registry – system files – start up folders
7. PreSet Fake error message
8. PreSet Connection Notify Username
9. PreSet Connection Notify ICQ#
10. PreSet Connection Notify E-Mail
11. PreSet Connection Notify IRC Chan.
12. PreSet IRC Port
13. Change Server *.exe Icon