Sub Seven Trojan Question

TomR

Nov 16, 2001, 1:13:43 PM
I am running Norton System 2001 and the Norton Firewall program. I
see from some of the posts here that some of you think that the
firewall is a waste of time. Not sure if that is universal or not,
but I thought it might be an added bit of insurance. Anyway, I
receive at least 5-10 security alerts daily due to the firewall
blocking attempts by a sub seven trojan program to access my computer.
I do not understand this, as I do not have any virus infected files on
my computer, at least as far as Norton is concerned. I have also
downloaded other programs specifically designed to look for trojans
without any infected files being detected. Why would a trojan try to
access my computer, and is this a danger if there are no infected
files on the computer? I appreciate your help with this question.

Incidentally, I have been running virus scanning software for well
over three years, due to being hit by Back Orifice prior to doing
this. Went to bed with 4 gigs and woke up with 3 megs. Not fun.

Thanks

Tom

koorbł

Nov 16, 2001, 2:12:48 PM

Norton will not detect the newest version of Sub Seven. I know, I've
tried it on a mate's computer (we were just seeing how bad Norton
really is). Try downloading AVG and do a system scan. That should
detect it, as that's a good virus guard.

Gary Flynn

Nov 16, 2001, 2:52:48 PM
TomR wrote:
>
> Why would a trojan try to
> access my computer, and is this a danger if there are no infected
> files on the computer?

It's someone using a scanner or automated tool (perhaps even
a worm some day) looking for systems with the trojan
server installed. They're fishing. If nothing bites (i.e.
there isn't trojan software running on your computer listening
on the port they're looking at), you're fine.

It's likely you're not the target...they just cast a wide
net to see what they come up with.

--
Gary Flynn
Security Engineer - Technical Services
James Madison University

Please R.U.N.S.A.F.E.
http://www.jmu.edu/computing/runsafe

Jerry Broszkowski©

Nov 16, 2001, 7:09:43 PM
TomR wrote:
>
> I am running Norton System 2001 and the Norton Firewall program. I
> see from some of the posts here that some of you think that the
> firewall is a waste of time. Not sure if that is universal or not,
> but I thought it might be an added bit of insurance. Anyway, I
> receive at least 5-10 security alerts daily due to the firewall
> blocking attempts by a sub seven trojan program to access my computer.
> I do not understand this, as I do not have any virus infected files on
> my computer, at least as far as Norton is concerned. I have also
> downloaded other programs specifically designed to look for trojans
> without any infected files being detected. Why would a trojan try to
> access my computer, and is this a danger if there are no infected
> files on the computer? I appreciate your help with this question.
>

I get probes on ports 27374 (and others) associated with Sub-7 all
the time.

For example, I got a probe today from 24.6.53.205.

Doing a scan of 24.6.53.205 I got:

* + 24.6.53.205 cx823325-a.ftwal1.fl.home.com
|___ 27374 Sub-7 2.1
|___ PWD

So I'd guess that they're infected with Sub-7 and whoever is in
control is scanning other machines looking for other Sub-7
infections. If you had the Sub-7 software, you could probably
take control of the above machine.

Anyway, don't worry, your firewall is doing its job. Even if you didn't
have the firewall and weren't infected, the probe would be harmless.

--
Take Care,
..jb

// Jerry Broszkowski // (403)245-5131 // jtb...@shaw.ca.NOSPAM //
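
The replies above make the same point: a probe only matters if something on the probed machine is listening on that port. The following is an added example, not written by any poster in this thread, that tallies blocked probes per destination port and checks whether the local machine actually answers on each one. The log line format, sample addresses and function names are assumptions made for illustration; port 27374 is the one named in the post above.

```python
import re
import socket
from collections import Counter

# Constructed sample alerts. The line format is an assumption for this
# example, not the real log format of any firewall product.
SAMPLE_LOG = """\
2001-11-16 09:14:02 BLOCKED TCP 198.51.100.7:3312 -> 192.0.2.10:27374
2001-11-16 11:40:51 BLOCKED TCP 203.0.113.44:1188 -> 192.0.2.10:27374
2001-11-16 12:05:19 BLOCKED TCP 198.51.100.7:3390 -> 192.0.2.10:40001
"""

ALERT = re.compile(r"BLOCKED TCP \S+:\d+ -> \S+:(\d+)\s*$")

def probed_ports(log_text):
    """Count blocked inbound attempts per destination port."""
    counts = Counter()
    for line in log_text.splitlines():
        m = ALERT.search(line)
        if m:
            counts[int(m.group(1))] += 1
    return counts

def is_listening(port, host="127.0.0.1", timeout=0.5):
    """True if a TCP connect to host:port succeeds, i.e. a process accepts on it.

    Loopback reaches any listener bound to all interfaces or to 127.0.0.1.
    """
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
        s.settimeout(timeout)
        return s.connect_ex((host, port)) == 0

def triage(log_text, check=is_listening):
    """For each probed port: hit count, and whether this machine answers on it."""
    report = {}
    for port, hits in sorted(probed_ports(log_text).items()):
        listening = check(port)
        report[port] = {
            "hits": hits,
            "listening": listening,
            "verdict": "investigate" if listening else "probe only",
        }
    return report

if __name__ == "__main__":
    for port, info in triage(SAMPLE_LOG).items():
        print(f"port {port}: {info['hits']} blocked, {info['verdict']}")
```

A "probe only" verdict means nothing on this machine accepted a connection on that port at the time of the check; "investigate" means some process did, and the next step is to identify which one.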

miner.-

Nov 19, 2001, 12:14:47 PM

"Jerry Broszkowski©" <_NOSPAM_...@shaw.ca> wrote in message

>
> I get probes on ports 27374 (and others) associated with Sub-7 all
> the time.
>
> For example, I got a probe today from 24.6.53.205.
>
> Doing a scan of 24.6.53.205 I got:
>
> * + 24.6.53.205 cx823325-a.ftwal1.fl.home.com
> |___ 27374 Sub-7 2.1
> |___ PWD
>
> So I'd guess that they're infected with Sub-7 and whoever is in
> control is scanning other machines looking for other Sub-7
> infections. If you had the Sub-7 software, you could probably
> take control of the above machine.
>
No, you couldn't. "PWD" means it's a password-protected server. You would need
to crack the password first.

miner.-
