Handler on Duty: Didier Stevens
Threat Level: green
Loading...
|
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||
| URL |
|---|
| Jabber.Org r00t discovered, Vulnerabilities affect Koffice, Kdegraphics, xpdf viewer, Gpdf, Cups, and Tetex |
| Submitted By | Date |
|---|---|
| Comment | |
| Saint Joesph Grimm | 2009-10-04 18:45:22 |
| ACK... Cant we get rid of this thing? Sub7 in a trojan that can be downloaded through any executable file (.exe) It is sometimes disquised as games, movies, self-extracting zip files. After opening the .exe the server will melt into the target system, making it hard to find. The server can be set to open on any number of ports... Most common are 27374, and 1243. Remote users then open an executable on their PC, that will grant them access to the server. Once this is done the Remote PC has ABSOLUTE CONTROL OF YOUR COMPUTOR!!!! I have seen this thing do things to computers remotely that even people sitting at them cannot do... Features include: Key Logger, ICQ Hijacker, Matrix style chat enableing, and basically anything you can control from your PC. Norton Antivirus can find and delete this trojan... I may have left alot out, but you get the clue.... Good Luck, I hope we can get rid of this one soon.... Oh, heres an extra little tidbit... anyone who is using sub7 is definatly trojaned themselves, the wonderful maker of this horse (Mobman of www.subseven.ws) has released all versions of this tool with the trojan enabled on it. So as soon as a would be hacker opens the "subseven.exe" they themselves become infected. !-D St Joesph Grimm | |
| CVE # | Description |
|---|
© 2025 SANS™ Internet Storm Center
Developers: We have an API for you! 