The UK Home Automation Archive

Archive Home
Group Home
Search Archive


Advanced Search

The UKHA-ARCHIVE IS CEASING OPERATIONS 31 DEC 2024

Latest message you have seen: RE: Fw: OT: Thinking of buying a Widescreen TV?


[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: OT SubSeven Back door Trojan



It's likely to be just random scans -  Norton's picking them up and
blocking
them, so I wouldn't worry about it.

One thing to check (on a more general level) is whether Norton stealths
your
ports or actively responds with a "not open" message.  If the
former, no
response is generated at all, so the attacker doesn't even know a PC exists
on that IP.  If the latter, then your IP could get logged for them to try
any other type of attack they may have.

The holiday periods are always more active because of school/college/etc
breaks, ie more time for the muppets to get bored and resort to long,
unattended scans.

The frequency of this particular one appearing may also be down to a new
scanner or SubSeven controller suddenly appearing on the "market"
- it's one
of the older "easy-to-use" remote-control trojans, and variations
are always
appearing.  Most of the time though, the differences are in the front end,
the delivery method, add-on tools (proxy scanners, IP logging,
proxy-bouncing etc etc) as those bits are easier to customise and develop
than disguising the attack as something other than S7 to get around
security
products.

G
----- Original Message -----
From: "Stuart Whyte" <lists@xxxxxxx>
To: "UKHA" <ukha_d@xxxxxxx>
Sent: Wednesday, January 02, 2002 2:24 PM
Subject: [ukha_d] OT SubSeven Back door Trojan


> Gents,
>
> Ove the last few days, I have been getting a lot of Norton Internet
Security
> alerts saying a connection is trying to be made on port 27374
(SubSeven
Back
> door Trojan)the attacks are coming from different ISP ranges, so Im
not
> convinced its a PERSISTANT attacker, more random attacks.  It is,
however,
> the only alert that keeps apearing.  Does anyone know what it is, is
it
> likely to be a script kiddie, and should I just ignore it??
>
> Thanks in advance.
>
> Stuart
>
>
>
>
> For more information: http://www.automatedhome.co.uk
> Post message: ukha_d@xxxxxxx
> Subscribe:  ukha_d-subscribe@xxxxxxx
> Unsubscribe:  ukha_d-unsubscribe@xxxxxxx
> List owner:  ukha_d-owner@xxxxxxx
>
> Your use of Yahoo! Groups is subject to http://docs.yahoo.com/info/terms/
>



Home | Main Index | Thread Index

Comments to the Webmaster are always welcomed, please use this contact form . Note that as this site is a mailing list archive, the Webmaster has no control over the contents of the messages. Comments about message content should be directed to the relevant mailing list.