To print: Click here or Select File and then Print from your browser's menu

This story was printed from silicon.com, located at http://www.silicon.com/

Story URL: http://software.silicon.com/security/0,39024655,11020214,00.htm

SubSeven hacking tool in hundreds of computers
Eight hundred computers infected with the notorious hacking tool SubSeven have been uncovered by a US security team.

By Sally Watson

Published: Thursday 12 October 2000

The Trojan horse programme is being distributed across internet relay chat (IRC) channels masked with file names such as SexxxyMovie.mpeg.exe.

According to security experts at Internet Security Systems (ISS), hackers could be setting the 800 infected PCs to launch a distributed denial-of-service (DDoS) attack, similar to those, which brought down CNN.com, Yahoo! and Amazon in February.

Gunter Ollmann, principal consultant at ISS, said SubSeven has been known about for some time, but hackers are now developing and refreshing the programme. "SubSeven is designed to allow programmers to package up backdoor tool to their own special flavour," he said.

Once a PC is infected it allows the hacker access to all admin controls and files on the machine. According to ISS, most of the affected machines are home computers on high-speed cable modem or DSL connections.

"This tool specifically targets Windows 95 and Windows 98," said Ollmann. "Windows is not designed to be a secure environment so even with personal firewalls home users are not going to get particularly good protection."

ISS is attempting to contact all infected users.