Security for Macintosh computers has changed rapidly over the past few years. This is the first time Mac users have had to face such a large-scale trojan as PC users have. Team2600, a Macintosh programming group, created the client to the server back in early 2001, offering Macintosh users a way to remotely control Sub7 infected computers.
Days after the development of the Sub7 server for the Macintosh was announced at the hacker convention in Las Vegas, Nevada, it was quickly marked as a trojan/virus. July 29th 2001: it is here, Sub7 Server for the Macintosh. Sub7Me Alpha Server is a prototype server for remote control of your Mac using the Subseven protocol. Call it a trojan, a virus or a remote administration tool. The fact is that an application capable of countless uses that was available for the Windows platform is now out for the Macintosh.
What is Sub7?
Sub7, or Subseven, is a program designed to remain hidden once installed, allowing a user with a client to remotely access the computer it is installed on. Tasks can be performed remotely: reboot, shut down, chat with the user, log keystrokes, activate a screensaver displaying text, and see files on the hard drive and execute commands on them. When the program was originally released for the PC platform it was quickly labeled as a trojan along with NetBus and Back Orifice. Some of those tools have since regained their titles as remote administration tools rather than trojans and have been taken out of many anti-virus definitions.
Although the author (Agent OJ – Team2600) stated “Sub7Me is meant to be a remote administration tool for your Macintosh, not a hacking program”, many think otherwise.
The Alpha version of the server isn’t complete, but it gives a preview of many of the features that will be contained in the final version. Some of these include:
*PCInfo – Get info about the Macintosh running the server, including the Hard Drive name, Processor type and speed, OS version, etc. In the future this will also show how much space there is on the hard drive, as well as how many clients are connected to the server.
*HomeInfo – Get information about the main user of the computer running server, including e-mail address, real name, as well as the organization they are affiliated with.
*Chat – Chat with someone at the computer the server is running on…they can’t chat back yet, nor can you chat with other clients connected to the system, but this is something they will fully enable in the next version.
*Basic computer functions – Shutdown and Restart the computer, show or hide the menubar and control strip, show and hide the mouse, make the speaker beep…all these features are included in the server.
*Port Change – Open alternative ports to connect to.
In the works
Drop a PPP Connection and reconnect
Matrix – …The Matrix has you!!
[Screenshot: the Sub7Me client connected to a computer running Sub7Me server]
Although this isn’t the first remote administration tool for the Macintosh that remains hidden from the user (see RAE), it is the first designed using a PC trojan protocol.
Update Your Virus Definitions
Although the July virus definitions from the anti-virus companies do not contain protection against the Sub7 server for the Macintosh, we are sure they will take the appropriate steps to keep your system secure in the future.
Takedown Server Suite, Remote Admin Extension and Sub7 Server are not in any of the anti-virus vendors' definitions for the Macintosh. These are all serious trojans. Contact your anti-virus company and tell them to get on top of it. You are not downloading all those updates only to be secure from PC Word macro scripts.
Keeping your Mac Secure
Do not install anything without knowing exactly what it is supposed to do. Using programs like DriveSpy to keep logs of installation activities can also help in recovering from an install. Sub7Me server is an extension that remains invisible in the System Folder, leaving no traces (preferences) of its existence outside the extension itself. The extension can be given any name by the person installing it, and the port it uses can be configured with the tool it is packaged with.
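A baseline comparison of the Extensions folder, as an added example that is not from the original article or from any tool it names: because the extension's name and port are configurable and it leaves no preferences file, the check matches on file contents and the invisible flag rather than on a known name. The inventory format (name, SHA-256, invisible flag) and all sample entries are assumptions constructed for illustration.

```python
import hashlib
from dataclasses import dataclass

@dataclass(frozen=True)
class Item:
    name: str        # file name in the Extensions folder listing
    digest: str      # SHA-256 of the file contents
    invisible: bool  # Finder "invisible" flag from the listing

def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()

def audit_extensions(baseline, current):
    """Compare a current Extensions-folder inventory with a trusted baseline.

    Matching is by content digest, never by name alone, because the
    installer can give the extension any name.
    """
    known_digests = {i.digest for i in baseline}
    known_names = {i.name for i in baseline}
    findings = []
    for item in current:
        if item.digest not in known_digests:
            # A trusted name with unknown contents is a replaced file.
            reason = ("content differs from baseline"
                      if item.name in known_names else "not in baseline")
            findings.append((item.name, reason))
        if item.invisible:
            findings.append((item.name, "invisible flag set"))
    return findings

# Constructed sample inventories (names and contents are made up).
BASELINE = [
    Item("QuickTime", sha256_hex(b"constructed quicktime v1"), False),
    Item("AppleShare", sha256_hex(b"constructed appleshare v1"), False),
]
CURRENT = [
    Item("QuickTime", sha256_hex(b"constructed quicktime v1"), False),
    Item("AppleShare", sha256_hex(b"constructed replaced file"), False),
    Item("Printer Helper", sha256_hex(b"constructed unknown file"), True),
]

if __name__ == "__main__":
    for name, reason in audit_extensions(BASELINE, CURRENT):
        print(f"{name}: {reason}")
```

The baseline has to be recorded from a system known to be clean, and stored somewhere the monitored machine cannot modify.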
Download Sub7Me Alpha Server
Sub7Me Alpha Server – SecureMac.com
Sub7Me Alpha Server – 33holding.com
Sub7 Me Client – MacOS X/OS 8.6 with CarbonLIB
Sub7 Me Client – MacOS Classic
Sub7Me Server does not work on Mac OS X.
How is Sub7Me different from the PC version of Subseven?
Although Sub7Me uses the Subseven protocol, and so is compatible with the PC client for Subseven, Sub7Me is supposed to be a remote administration tool for your Macintosh, not a hacking program. Sub7Me has far fewer features than the PC version of Subseven right now, but soon it will have a plethora of features not included in the PC version of Subseven.
The program is here for download because it has been argued that the Sub7 Server Suite is not a trojan and is an administrative tool. Parents, teachers, and bosses can find legitimate uses for this program. Sometimes it is more appropriate to have hidden software to monitor computers than programs such as Timbuktu, which does remote administration but for a price, uses too much RAM, and lets the computer user know when someone is connected to the computer. This program is free for use. If you install it on your computer, remember to set the password so users cannot penetrate the system remotely.