Hacker unleashes updated backdoor program
(IDG) -- An updated version of the backdoor program SubSeven was released by its creator, a hacker known as "mobman," on Friday, according to the "official" Web page of the program.
The SubSeven backdoor, which allows malicious hackers to access and control a user's computer without his or her knowledge, is "one of the highest threats to Windows PCs, especially those running in broadband environments," said Chris Rouland, director of the X-Force research team at computer security firm Internet Security Systems (ISS) in Atlanta, Georgia.
The program typically arrives in an email disguised as one of a variety of benign file types. Users unwittingly launch the program, potentially allowing a malicious hacker to perform actions including restarting and shutting down their computer and retrieving passwords, as well as uploading, downloading, and deleting files from the hard drive.
The new version, SubSeven 2.2, has a broader set of functions than its predecessor, making it more dangerous. For example, the program includes expanded notification capabilities that could allow hackers to more effectively coordinate DDoS (distributed denial-of-service) attacks, giving them a list of infected computers. The list makes it easier to orchestrate such an attack, which can shut down a Web site by flooding it with fake requests for information.
Another new feature, which helps the attacker hide his or her identity, is support for what are known as SOCKS4 and SOCKS5 proxies. Routing traffic through such proxies in countries whose governments don't cooperate with investigators could make it even more difficult to track down the hacker, Rouland said.
SubSeven 2.2 has already been spotted on the Internet, hidden in pornography files on a Usenet group, Rouland said. It wasn't immediately clear if any users have been infected with the new version yet.
Another major development in Version 2.2 is that most of the program's functionality resides in plug-in DLLs (dynamic link libraries), making it fairly simple to upgrade. The hacker community plans to release an SDK (software developer kit), which would enable hackers to create custom plug-ins, making it even harder to detect than previous versions, as well as allowing customization of the program, Rouland said.
Backdoors such as SubSeven and the better-known BackOrifice have a tendency to spread quickly because they are easy for hackers to launch, Rouland said. ISS found one strain of SubSeven 2.17 in thousands of computers, and Rouland estimates the total number of infected machines to be in the tens of thousands. In many cases, the malicious code lies dormant in the infected PC unless a hacker chooses to target that machine.
"Up to date antivirus software and intrusion detection software is the real solution here," Rouland said.