-TOP STORIES- ** SubSeven Offers New Tool To Hackers Virus writers too busy to learn assembly or Visual Basic Scripts now have a new tool to help them orchestrate system attacks without having to know the first thing about programming. Developers of the ubiquitous back-door hacking program SubSeven, which gives cybervandals nearly carte blanche over a victim's computer, have made version 2.2 of their software generally available. Version 2.2 sports new support for proxies, the ability to monitor any random port, a new graphical user interface, and will broadcast compromised system information to various Web sites using the Common Gateway Interface. SubSeven creators also plan to release a software developers' kit that will provide a modular development approach, making it easier for users to sneak past antivirus software. Because of the new proxy support, "hackers will also have less to worry about when it comes to being traced," says Chris Rouland, director of the X-Force vulnerability research team for Internet Security Systems Inc. SubSeven has been used in the past to create "zombies" on remote systems that are "awakened" in unison to launch a distributed denial-of-service attack. The new notification features, SubSeven developers hope, will provide a widely used manifest of SubSeven-infected systems that can be distributed among users of the development tool, potentially creating larger and more dangerous attacks than previously possible. Once a machine is infected with SubSeven, the Trojan installs itself to the Windows directory with the identical name of the file from which it originally ran. Then it installs its dynamic link library to the Windows system directory. It also alters the Windows registry so SubSeven is executed every time Windows boots. Rouland says the new version also provides a way for each keystroke on a victim's system to be logged and E-mailed back to the attacker. "This is a way they can gather passwords and other data," he says. "From a hacker perspective, it's really a useful toolkit. - George V. Hulme <InformationWeek <[EMAIL PROTECTED]> To unsubscribe from SURVPC send a message to [EMAIL PROTECTED] with unsubscribe SURVPC in the body of the message. Also, trim this footer from any quoted replies. More info can be found at; http://www.softcon.com/archives/SURVPC.html
