Hacker News

myself248, today at 1:27 AM

The best thing, when someone sent me a Sub7 or BO dropper, was to immediately rename the extension (so I wouldn't accidentally execute it), then open it up in a file viewer and skip to the end. Both programs just appended their configuration variables to the end of the executable file.

Which meant I now knew what port and password the sender was expecting to connect to me with.

However, most of them were skids, and had inadvertently executed their own dropper on their own machine at some point. And I knew their IP from the DCC.

Which meant I now knew what port and password to connect back to them with...
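
The "skip to the end" triage step described in the comment above, as an added example that is not part of the original comment: it finds where the last PE section's raw data ends and lists the printable strings in whatever was appended after it. The sample file and its `port=`/`password=` strings are constructed for illustration; the page does not give the real configuration layout of either program.

```python
import re
import struct

def pe_overlay(data: bytes) -> bytes:
    """Return the bytes that follow the last section's raw data (the overlay)."""
    if data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    (pe_off,) = struct.unpack_from("<I", data, 0x3C)      # e_lfanew
    if data[pe_off:pe_off + 4] != b"PE\0\0":
        raise ValueError("PE signature not found")
    (num_sections,) = struct.unpack_from("<H", data, pe_off + 6)
    (opt_size,) = struct.unpack_from("<H", data, pe_off + 20)
    table = pe_off + 24 + opt_size                        # first section header
    end = 0
    for i in range(num_sections):
        # SizeOfRawData and PointerToRawData sit at offsets 16 and 20 of each 40-byte header
        raw_size, raw_ptr = struct.unpack_from("<II", data, table + 40 * i + 16)
        end = max(end, raw_ptr + raw_size)
    # Note: an Authenticode signature, if present, also lives past this point.
    return data[end:]

def printable_strings(blob: bytes, min_len: int = 4) -> list:
    """ASCII runs of at least min_len characters, like the `strings` tool."""
    return [m.decode("ascii") for m in re.findall(rb"[\x20-\x7e]{%d,}" % min_len, blob)]

def build_sample(overlay: bytes) -> bytes:
    """Constructed, non-functional PE skeleton: headers, one 16-byte section, overlay."""
    dos = b"MZ" + b"\0" * 0x3A + struct.pack("<I", 0x40)
    coff = b"PE\0\0" + struct.pack("<HHIIIHH", 0x14C, 1, 0, 0, 0, 0, 0x102)
    sect = struct.pack("<8sIIIIIIHHI", b".text", 16, 0x1000, 16, 0x80, 0, 0, 0, 0, 0x60000020)
    return dos + coff + sect + b"\x90" * 16 + overlay

if __name__ == "__main__":
    # Constructed key=value strings; not the real format of either program.
    sample = build_sample(b"\x00port=1234\x00password=example\x00")
    tail = pe_overlay(sample)
    print(len(tail), "overlay bytes:", printable_strings(tail))
```

A non-empty overlay on an unsigned executable is worth a look during static triage, since the loader never maps those bytes and tools that only walk sections will miss them.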