Welcome to the Virus Encyclopedia of Panda Security.
It allows to get into the affected computer.
It does not spread automatically using its own means.
|Detection updated on:||July 29, 2003|
|Yes, using TruPrevent Technologies
Trojan.Sub7.21.Gold is a Backdoor Trojan belonging to the SubSeven family of viruses. More exactly, this is the 2.1 version of the famous Trojan SubSeven virus created by Mobman. This Trojan is widely used by hackers, as it offers a great number of services. This is considered to be one of best Trojans along with NetBus.
It consists of four files. The server, the client, a dynamic link library and another program used for configuration of the Trojan. The server program is installed on the victim computer. The client and the setup program must be installed on the attacking computer. The server program prepares and carrying out the services requested by the client program.
The Trojan is capable of carrying out the following actions on the affected system: it creates a new entry in the Windows Registry, opens the TCP 27374 port, opens and closes the CD-ROM tray, moves the mouse pointer about the screen, hides the task bar and the Start button...etc. Although these functions are not dangerous, they can get to be very annoying. However, the Trojan is capable of carrying out other actions that pose a greater risk such as accessing users' confidential data.
The Trojan reaches the systems in the form of an apparently inoffensive executable file. When the user loads the file the trojan proceeds to install itslf on the system. This is the reason why it copies itself to the C:\WINDOWS directory with the following name: MSREXE.EXE.
Once the client-server connection has been established, the malicious users will be able to carry out a number of annoying actions on the victim system. The Trojan needs to open a backdoor in order to be able to carry out these actions. The fact that this backdoor is open could pose a high risk to confidential user information.