Sub7, or SubSeven or Sub7Server, is the name of a Remote Administration Tool (RAT) program. Its name was derived by spelling NetBus backwards ("suBteN") and swapping "ten" with "seven".

It was originally designed by someone with the handle 'mobman'. No development has occurred in several years until a new version scheduled for release on Feb. 28th, 2010. The Sub7 project was dormant for over 6 years until. In October 2009 mobman was alleged to have stated via IRC that due to working and going to college full time that he will not be able to help with Sub7.

Like other remote admin programs, Sub7 is distributed with a server and a client. The server is the program that the host must run in order to have their machines controlled remotely, and the client is the program with a GUI that the user runs on their own machine to control the server/host PC.

Sub7 has more features than Netbus (webcam capture, multiple port redirect, user-friendly registry editor, chat and more), but it always tries to install itself into windows directory and it does not have activity logging.

In 2006 a website ( / ( with hundreds of thousands of users kept the sub7 alive with clean downloads and support and new software. A new version was created by defcon but not released that only a hand full of people knew about and used well.

A 2.3 was released on March 9, 2010 by a few users such as read101 and fc and others by was not tested and proved to buggy with no support. The website was later hacked by "unnamed" we should keep that way, due to a user named fc on opensource.

SubSeven 2.3 had been revamped to work on all 32bit and 64bit versions of Windows and includes TCP Tunnel and Password Recovery for browsers, instant messengers and email clients, but very buggy anmd untested.

SubSeven has been used to gain unauthorized access to computers. While it can be used for making mischief (such as making sound files play out of nowhere, change screen colors, etc.), it can also read keystrokes that occurred since the last boot—a capability that can be used to steal passwords and credit card numbers.[1]

In 2003, a hacker began distributing a Spanish-language email purporting to be from security firm Symantec that was used to trick recipients into downloading Sub7.[2]

Nearly all antivirus programs can detect Sub7 and prevent it from being installed unless steps are taken to hide it.




External linksEdit

Template:Remote administration software

Cite error: <ref> tags exist, but no <references/> tag was found

Ad blocker interference detected!

Wikia is a free-to-use site that makes money from advertising. We have a modified experience for viewers using ad blockers

Wikia is not accessible if you’ve made further modifications. Remove the custom ad blocker rule(s) and the page will load as expected.