Sub7 / Backdoor-G RAT

RAT is an acronym for Remote Access Trojan. A RAT might have a functional use, but the term is typically used to describe malicious code that is installed without the user's knowledge with the intent of monitoring the computer, logging keystrokes, capturing passwords and otherwise assuming control of the computer from a remote location.

Sub7 and Security Software

As one of the oldest, most widely used and most versatile RATs available, Sub7 (also known as Backdoor-G) is detected and blocked by virtually all security software, including antivirus and IDS (Intrusion Detection System) products, among others.

To experiment with this program you will need to disable security software. We don't recommend you do this on a computer connected to the live Internet. Testing and experimenting with this product should be done on a computer or network separate from the Internet.

What It Does

We have a brief overview of Sub7 which still gets a significant amount of traffic to this day. You can refer to that article for more details, but essentially there isn't much that Sub7 can't do. It can do just about anything from annoying stuff like making the mouse pointer disappear to malicious stuff like erasing data and stealing passwords. Below are some highlights of the key functions.

Audio / Video Eavesdropping

Sub7 can be used by an attacker to enable the microphone and/or webcam connected to a computer. As you are sitting at your computer surfing the web or playing a game the attacker may be able to watch or listen to everything you do.

Keystroke Logging and Password Capture

Sub7 can record every keystroke made on the computer. By analyzing the logged keystrokes, an attacker can read anything you may have typed in an email, a document or online. They can also find out your usernames and passwords, and even the answers you give to security questions such as "what is your mother's maiden name" if you happen to answer such questions while the keystrokes are being recorded.

Gremlins In The Machine

Sub7 is full of annoying things an attacker can use just for the sadistic pleasure of it. They can disable the mouse or keyboard or change the display settings. They can turn off the monitor or disable the Internet connection. In reality, with full control and access to the system, there is almost nothing they can't do, but these are some examples of the pre-programmed options they can choose from.

Resistance Is Futile

A machine that has been compromised with Sub7 can be used as a "robot" by an attacker to disseminate spam or launch attacks against other machines. It is possible for malicious hackers to scan the Internet in search of machines that have been compromised with Sub7 by checking whether its standard remote-access ports are open. All of these machines create an assimilated network of drones from which hackers can launch attacks anonymously.

Where to Get It and How to Use It

The original site is no longer live, but Sub7 lives on with new and improved versions being released fairly regularly. For a complete history of the available versions or to download the software you can visit

We don't in any way advocate using a product such as this in a malicious or illegal way. We do, however, advocate that security experts and administrators download it and use it on a separate subnet or network to become familiar with its capabilities and learn how to recognize when such a product is being used against computers on their own network.
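
The port check described under "Resistance Is Futile" can also be run from the defender's side. The Python example below is added here and is not part of the original article or of any Sub7 tooling: it reads Windows `netstat -ano` output from one of your own machines and reports TCP sockets whose local port is on a watchlist. The watchlist ports, the function name and the sample output are assumptions constructed for illustration.

```python
import re

# Assumption: ports widely documented as historical Sub7 defaults. They are
# not taken from the article, and the server port is configurable, so a clean
# result does not rule the trojan out.
WATCHLIST = {27374: "Sub7 2.x default", 1243: "Sub7 1.x default"}

# Constructed sample of Windows `netstat -ano` output (not a real capture).
SAMPLE_NETSTAT = """\
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       888
  TCP    0.0.0.0:27374          0.0.0.0:0              LISTENING       4012
  TCP    192.168.1.20:27374     203.0.113.7:51515      ESTABLISHED     4012
  TCP    192.168.1.20:49800     198.51.100.9:1243      ESTABLISHED     2200
  TCP    [::]:445               [::]:0                 LISTENING       4
  UDP    0.0.0.0:5353           *:*                                    1500
"""

# Proto, local addr:port, foreign addr, state, owning PID.
ROW = re.compile(
    r"^\s*TCP\s+(\S+):(\d+)\s+(\S+)\s+(LISTENING|ESTABLISHED)\s+(\d+)\s*$")

def find_suspect_sockets(netstat_text, watchlist=WATCHLIST):
    """Return TCP sockets whose LOCAL port is on the watchlist.

    Only the local port counts: an outbound connection to a remote port
    that happens to be on the list is not a server running on this host.
    """
    hits = []
    for line in netstat_text.splitlines():
        m = ROW.match(line)
        if not m:
            continue  # headers, UDP rows, other TCP states
        _local_ip, port, peer, state, pid = m.groups()
        port = int(port)
        if port in watchlist:
            hits.append({"port": port, "state": state, "pid": int(pid),
                         "peer": None if state == "LISTENING" else peer,
                         "note": watchlist[port]})
    return hits

if __name__ == "__main__":
    for hit in find_suspect_sockets(SAMPLE_NETSTAT):
        print(hit)
```

The PID in each hit identifies the owning process, which is the next thing to examine on the host.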