Interview with mobman, Author of the SubSeven Trojan
The opportunity to interview a Trojan author does not arise often, let alone the author of SubSeven, the most popular and widespread Trojan of the last couple of years and one set to remain so for a few more years to come. The interview threw up some interesting results and points, as you can see below.
Session Start: Thu Sep 06 21:13:51 2001
* Logging #quietchannel to '#quietchannel.log'
> First I would like to thank you for agreeing to the interview.
<mobman> no prob.
> It's not every day that we get a chance to talk to Trojan Authors.
> Ok First off let me ask you a little about yourself. Your background etc.
<mobman> k
> How did you first get into writing Trojan programs?
<mobman> hmm... it was a couple of years ago.. i just got a copy of Delphi 4, and was planning on learning it. since i was using netbus at the time with friends, i thought of trying to make a netbus clone
<mobman> that's how it started... after 1 month sub7 1.0 was out... i submitted it to a trojan site and got positive feedback on it, so i kept working on it
> Ok SubSeven far surpassed NetBus in both popularity and features I think it would be widely agreed. What do you believe made SubSeven as successful as it has become?
<mobman> first of all it was the users input... i listened to people's suggestions, and tried to implement as many as possible. second reason is probably the ease of use... sub7 is a lot easier to use/understand than any other backdoors out there
> SubSeven also has some quite advanced features which also appear to make the program very popular. How much research and effort goes into designing and coding these new features?
<mobman> it depends on the feature... for example the spies were easy to implement... i did some testing one day and they were implemented in sub7 the next day. the app redirect on the other hand took a little longer...
> Are you still working on SubSeven as an ongoing project or have you now given up on the project?
<mobman> still working on it... well, i haven't been working on it the last couple of weeks, but i still have a huge list of features that will be implemented in the next version [which is probably a couple of weeks away]
> Would you be willing to give any hints as to what new features are to be implemented?
<mobman> well... one of the best one will be the new sub7 bot... then there are a couple of things that can be done with icq, mirc, etc. you'll have to wait and see
> That sounds interesting and I have read many articles already on the Bot and its ability to do damage. Do you ever feel any responsibility for the actions of the people that use your software to do malicious things with this tool?
<mobman> responsibility? hell no... it's all in how the users choose to use it. should a gun shop feel responsible for selling a gun to a man that shoots 6 people with it?
> Well I suppose not but surely you must know that people download it to misuse it?
<mobman> i know that happens, but i can't do anything about it. i have a disclaimer that warns people, but many people don't even bother reading it.
> It has been mentioned in several places on the Internet that the SubSeven Crew have now dissolved. Is there any truth in this?
<mobman> most of the people out there misunderstood what the crew actually did, so when they heard it broke up they thought it would affect sub7. the crew was made up of friends who liked sub7, and liked helping others with sub7. they also helped with the testing of new versions and suggested new features... the crew _did_ break, because of fights between crew members, but i still keep in touch with all of them...
> Do these members still add input to the program or not?
<mobman> yes, some have moved on to other stuff.. and are sometimes too busy, but some of them still do that
> Ok do you consider the program to be malware as it is often described?
<mobman> definitely not. it didn't start out as malware, and i don't keep working on it because it's intended for malicious use... most of the people don't see, or don't want to see many of the positive uses... i've talked to admins who use it remotely to have complete control of other pcs, to parents who use it to watch their kids, internet clubs, etc.
> So you do believe it has legitimate usage too?
<mobman> i wouldn't have worked on it so hard if it didn't
> It has many features that could not be called legitimate such as spying, port redirection, the bot and password stealing capability. What possible need could there be for obviously nefarious features like these if its use was primarily meant to be legitimate?
<mobman> it depends on what you mean by "legitimate". surely a parent can use the spies to spy on their kids without breaking the law. i myself have used port redirecting from a dialup account to my cable connection at home to log on to irc. the password stealing is actually intended for "password recovery", used again by myself numerous times. the bot was intended for having fun on irc... but some of the undocumented commands [intended for testing purposes] g
> SubSeven is attributed to have caused damages running into the high millions on corporate networks and home computers. Do you feel any sense of guilt for creating such a monster?
<mobman> no. sub7 was not intended for that purpose. even if it _was_ intended for malicious use, the end user would still be liable for any damages caused by it.
> Which features would you consider to be the most outstanding features in SubSeven?
<mobman> in my opinion, the most outstanding feature in sub7 is the EditServer. Then there are the spies, the passwords etc.
> As the author of SubSeven what do you consider the best way for people to protect themselves from SubSeven given that the latest version can stealth itself from process managers and netstat?
<mobman> there's no way of knowing if sub7 is running on a machine, especially for future versions... sure signatures can always be taken from files available on the sub7 site, but then there are always exe packers that can easily bypass those. maybe some kind of analyzing tool... that watches if it's running on reboot, what kind of ports it opens etc.
> I have noticed in the latest version of SubSeven 2.2 that there is no IRC Bot than a plain notify. Is there any reason for this maybe the bad press SubSeven Bot has received?
<mobman> no, it's not the bad press. the 2.2 bot was not finished by the time 2.2 was due out... like i said, the bot will be one of the best features of the new version, it will include a lot more options, that's why it's taking longer.
> Will the new Bot carry DDoS features such as Bionet Trojan and a multitude of other IRC Bots?
<mobman> it's likely that these kind of features will be implemented... i'm building the bot based on specifications and suggestions from the crew members and e-mails i've received and am still receiving... it'll include whatever the users want it to include
> Which crew members still assist with ideas and input into SubSeven?
<mobman> HeLLfiReZ, CorpseGrinder, fc, Mr.Q, swamp_rat and a couple of other non-crew friends...
> Do you mind sharing your age?
<mobman> I am currently 20 years old
> How long approximately have you been programming?
<mobman> hmm... about 5 years .. pascal in the first years and then delphi
It has been suggested that SubSeven is a professional tool as
good if not better than remote administration tools like PC
Anywhere. Have you ever considered putting the obvious expertise
you have in this field into the creation of completely legitimate
software?
<mobman>
sub7 _is_ legitimate software, the only difference being that
it's not listed on known download sites. i never thought of
creating a "completely legit" version, and never will.
>
It has also been suggested that you and SubSeven Crew members
are elite hackers. Are you or any of the Crew members hackers?
<mobman>
some crew members most definately are, some aren't. i consider
myself a programmer, that's it
>
This about concludes the interview. Do you have any comments
that you would like to add that you consider might be valid
or informative for the readers of this article. It is hoped
that a wide cross section of people will read this article and
give feedback on it.
<mobman>
just remember that not all sub7 users out there are out to destroy
your computer or use it to ping yahoo.com. some just want to
have fun.. and there's no better tool at that than SubSeven!
>
Thank you for participating in this interview I am sure our
readers will find it both interesting and informative.
Session Close: Fri Sep 07 00:40:47 2001
