Security Incidents mailing list archives

FW: Sub-7


From: abel () ABLE-TOWERS COM (Abel Wisman)
Date: Thu, 8 Jun 2000 14:15:31 +0200


this is output in a channel on irc:

[17:10] *** Joins: cwc
[17:10] <cwc> Sub7Server v.2.1 installed on port: 27374, ip:
195.252.137.208 - victim: pechfregel - password: rasta
[17:10] *** Quits: dt018 (Leaving)
[17:10] *** Joins: kwxqry
[17:10] <kwxqry> Sub7Server v.2.1 installed on port: 27374, ip:
213.6.181.193 - victim: pechfregel - password: rasta
[17:10] <moxbj> Sub7Server v.2.1 installed on port: 27374, ip:
62.157.13.4 - victim: pechfregel - password: rasta
[17:10] <pjv> Sub7Server v.2.1 installed on port: 27374, ip:
192.168.10.52 - victim: pechfregel - password: rasta
[17:10] *** Joins: xakjbl
[17:10] <xakjbl> Sub7Server v.2.1 installed on port: 27374, ip:
62.224.173.111 - victim: pechfregel - password: rasta
[17:10] <paxlp> Sub7Server v.2.1 installed on port: 27374, ip:
195.71.25.254 - victim: pechfregel - password: rasta
[17:10] <sjil> Sub7Server v.2.1 installed on port: 27374, ip:
195.131.87.73 - victim: pechfregel - password: rasta
[17:11] <fwwm> Sub7Server v.2.1 installed on port: 27374, ip:
62.224.200.40 - victim: pechfregel - password: rasta
[17:11] *** Joins: yagc
[17:11] <yagc> Sub7Server v.2.1 installed on port: 27374, ip:
213.6.119.91 - victim: pechfregel - password: rasta
[17:12] <bstdm> Sub7Server v.2.1 installed on port: 27374, ip:
193.159.1.191 - victim: pechfregel - password: rasta
[17:12] <uen> Sub7Server v.2.1 installed on port: 27374, ip:
-193.0.81.2-192.168.171.26-193.159.10.204- - victim: pechfregel -
password: rasta

(attached log)

abel wisman

ABLE-TOWERS is a division of UROwear Llc which in turn is a division of ABLE
Consultancy Holding BV


-----Original Message-----
From: Incidents Mailing List [mailto:INCIDENTS () SECURITYFOCUS COM] On
Behalf Of Khan, Mansoor
Sent: Monday 5 June 2000 19:49
To: INCIDENTS () SECURITYFOCUS COM
Subject: Sub-7

I was wondering if anyone has any experience with this Trojan (Sub-7).
I am interested in finding out if it sends info through a general
broadcast to chat rooms. Additionally, what specific info does it send
(from a w-95 machine) e.g. registry settings, user ids and passwords
etc.

Thanks,

