Backdoor/SubSeven - Why does this happen?

Discussion in 'Windows Desktop Systems' started by GW610XL, Jan 14, 2004.

  1. GW610XL

    GW610XL Guest

    What's the deal with these Norton security alerts:

    Attempt to connect to local computer using the Backdoor/SubSeven Trojan horse blocked.
    Protocol: TCP (inbound)


    All I can find is a brief description stating that someone is attempting to gain control of my system.

    I want to know more.

    Does this happen to everyone, or does my new system have some sort of beacon that attracts misfits?
    What can be done to prevent these attacks (beyond just blocking them), and where could one report such a crime?
     
  2. ming

    ming OSNN Advanced

    I believe many many people get this message if they use Norton IS (if they check their logs/alerts).
    Norton alerts users that someone is scanning their ports to see if there is an open port that will accept a connection from the trojan.
    There's nothing to worry about unless you know that your computer is infected with a trojan. If it is, you should seek to remove it ASAP before any damage could be done.
     
  3. GW610XL

    GW610XL Guest

    Thank you for the information.

    Should I assume that such ports are kept secure by N.I.S. (using the highest setting), or are there further steps that could be taken to ensure this?
     
  4. Erbmaster

    Erbmaster Moderator Folding Team

    Yah, what ming said :cool:
    Firstly to ensure this kinda warning doesn't become a threat.
    Give your PC a complete Anti-viral scan.
    Once it's definitely free from trojans, NIS is doing its job. It's letting you know that
    someone tried to get in through a port, or scanned for a port, but the packets were dropped/refused.

    Never open unsolicited emails, or click willy-nilly on attachments unless you know
    exactly what you're opening and who it's from.
    Keep all definitions and firewall rules up to date, and you shouldn't be at risk from
    trojan activity.

    If you wish to look at what ports are open on your system, download activeports from
    the NTFS front page. It'll tell you what ports are open, what's controlling them, and
    offers links to a comprehensive list of known ports, and trojans that utilise the said
    ports.

    I'd also recommend reading the following to get a better scope on PC security in general, and other users' personal recommendations...
    NTFS Firewall Poll
    NTFS Anti-Virus Poll
    Enyo's Security Links Thread

    Hope this helps ;)
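
Added example, not part of the post above and not code from ActivePorts or Norton: the same "what is listening, and which process owns it" check, done by parsing `netstat -ano` output and comparing listeners against a short watchlist. The two port numbers are an assumption (ports commonly listed as SubSeven defaults, not stated in this thread), and the netstat text is a constructed sample.

```python
import re

# Assumption (not from the thread): TCP ports commonly listed as SubSeven defaults.
SUBSEVEN_PORTS = {
    1243: "commonly listed for older SubSeven versions",
    27374: "commonly listed for later SubSeven versions",
}

# Constructed sample of `netstat -ano` output; addresses and PIDs are made up.
SAMPLE_NETSTAT = """\
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       892
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING       4
  TCP    0.0.0.0:27374          0.0.0.0:0              LISTENING       3120
  TCP    192.168.1.10:1050      203.0.113.7:80         ESTABLISHED     2044
  TCP    [::]:1243              [::]:0                 LISTENING       3120
  UDP    0.0.0.0:500            *:*                                    700
"""

# Proto, local addr:port, foreign addr, state, owning PID (TCP listeners only).
ROW = re.compile(r"^\s*TCP\s+(\S+):(\d+)\s+\S+\s+LISTENING\s+(\d+)\s*$")


def listening_tcp(netstat_text):
    """Return (local_address, port, pid) for every TCP socket in LISTENING state."""
    rows = []
    for line in netstat_text.splitlines():
        m = ROW.match(line)
        if m:
            rows.append((m.group(1), int(m.group(2)), int(m.group(3))))
    return rows


def flag_trojan_listeners(netstat_text, watchlist=SUBSEVEN_PORTS):
    """Return (address, port, pid, note) for listeners whose port is on the watchlist."""
    return [(addr, port, pid, watchlist[port])
            for addr, port, pid in listening_tcp(netstat_text)
            if port in watchlist]


if __name__ == "__main__":
    for addr, port, pid, note in flag_trojan_listeners(SAMPLE_NETSTAT):
        print(f"CHECK pid {pid}: listening on {addr}:{port} ({note})")
```

A hit is a lead to follow up with an anti-virus scan of the owning process, not proof of infection, and a clean result does not rule out a trojan set up to listen on a different port.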
     
  5. GW610XL

    GW610XL Guest

    Thanks, I'll look into all of that. :)
     
  6. Mubbers

    Mubbers Shoot! Political User

    Since getting broadband it happens all the time to me, mostly always the sub backdoor/sub seven combo but sometimes others.
     
  7. GoNz0

    GoNz0 NTFS Stoner

    I used to get that back in the dial-up AOhelL days; it was AOL sending their weird and wonderful info to see if you're still online.
     
  8. ming

    ming OSNN Advanced

    As I have mentioned in earlier threads, there is nothing to worry about as long as you are sure your machine has not been infected with the trojan.
    If uncertain of this, do find out how to remove it by visiting:
    http://www.symantec.com

    The only thing that is bugging most of you is the alerts that you are getting more than anything. This is true for me, I hate seeing the alert pop up in my face. :p