
TECHIES: Questions About Default Block Backdoor/SubSeven Trojan horse

This topic is archived.
Andromeda Donating Member (1000+ posts) Fri Oct-17-03 01:21 AM
Original message
TECHIES: Questions About Default Block Backdoor/SubSeven Trojan horse
I am technically challenged so can any savvy computer guy/gal please tell me when a Default Block Backdoor/SubSeven Trojan Horse is an attack or merely a harmless attempt to contact me on my computer.

I have Norton firewall and I have been getting more security alerts tonight than I have ever had before, about every minute or so, and I'm getting concerned.

Every time I'm alerted I do a visual tracking to see where the attack is coming from and most of them seem to be from different telecommunications companies. Some are probably harmless but others that don't fit into that category concern me.

I've gotten 16 security alerts within the last hour and Road Runner has attempted to contact me three times, all within about a twenty-minute period. The home address of Road Runner (RRMA) is 13241 Woodland Park Rd., Herndon, VA 20171. Each trace shows a different city that I'm being contacted or "attacked" from.

Maybe this is nothing to be worried about but if any of you can tell me more about this I would appreciate it very much.
T Bone Donating Member (1000+ posts) Fri Oct-17-03 01:25 AM
Response to Original message
1. Herndon VA
what's there of any significance? anyone know?
 
tom_paine Donating Member (1000+ posts) Fri Oct-17-03 01:26 AM
Response to Original message
2. kick
I'd like the answer to that myself.

I have had that happen on a few occasions...then it suddenly stopped.

Does this mean the Busheviks have now successfully installed spyware on my computer?

Is there anything I can do to find out whether this is true or not?
 
bemildred Donating Member (1000+ posts) Fri Oct-17-03 01:28 AM
Response to Original message
3. Ignore it unless you feel like complaining to these assholes..
Edited on Fri Oct-17-03 01:29 AM by bemildred
It's just scanning. Kazaa does it too. You might want to tell
your firewall to just block it without annoying you too, at least
when it's just a scan. I get all sorts of scans from all kinds of
shit out there. You only have to worry about what gets through.
 
chillwindblowing Donating Member (85 posts) Fri Oct-17-03 01:29 AM
Response to Original message
4. I wish someone would explain backdoor seven
Same here. Mostly on weekends, which leads me to believe that I have a trojan horse inside my computer... mostly Charter Communications, Earthlink... but sometimes places like Korea, Spain, even Singapore.
 
bemildred Donating Member (1000+ posts) Fri Oct-17-03 01:32 AM
Response to Original message
5. Here:
http://www.experts-exchange.com/Applications/Viruses/Q_20714414.html

Quote:

Yep - Sub 7 as you know is a trojan. It sits on a PC and listens on a port
for people to connect to it.

There are people out there that scan the network looking for infected PCs
so that they can 'play' with them.

As a result, you'll probably get scans for Sub 7, and indeed other trojans
detected on a fairly regular basis by your firewall if it is configured to alert
you to them.

Next question is why you are getting so many scans. My guess is that
there is someone on your subnet that is infected with Sub 7 (ISPs have
blocks of IP addresses that they allocate to their subscribers when they
connect), and hence the domain you are connected is known to have a
PC available to mess about with. As the IP address changes on each
connection, people trying to locate it have to scan the full list of IPs
provided by the ISP to locate it. Hence if someone is waiting for the
infected PC to come on line, they'll be scanning regularly until they find it -
hence the number of reports you are getting.

If you wish, provide log details and time to your ISP, and see what they
can do about it. Depending on where you are in the world, and where they
are, something might happen, but in all probability not a lot.

HTH:)

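The triage the quoted reply points to (collect log details and times for the ISP, and check whether anything actually got through), as an added example that is not part of any poster's reply. The log format, the addresses and the port list (1243 and 27374, commonly documented SubSeven listener ports) are assumptions; the thread gives none of them.

```python
import re
from collections import defaultdict

# Commonly documented SubSeven listener ports (an assumption; the thread names none).
SUBSEVEN_PORTS = {1243, 27374}

# Constructed sample log in a made-up format: time, action, direction, src -> dst.
SAMPLE_LOG = """\
2003-10-17 01:02:11 BLOCK IN 203.0.113.5:4021 -> 198.51.100.20:27374
2003-10-17 01:03:40 BLOCK IN 203.0.113.77:1188 -> 198.51.100.20:27374
2003-10-17 01:09:02 BLOCK IN 203.0.113.5:4022 -> 198.51.100.20:27374
2003-10-17 01:15:30 BLOCK IN 192.0.2.14:3301 -> 198.51.100.20:1243
2003-10-17 01:20:00 ALLOW OUT 198.51.100.20:1050 -> 192.0.2.80:80
"""

LINE = re.compile(
    r"(?P<ts>\S+ \S+) (?P<action>BLOCK|ALLOW) (?P<dir>IN|OUT) "
    r"(?P<src>[\d.]+):(?P<sport>\d+) -> (?P<dst>[\d.]+):(?P<dport>\d+)$"
)

def triage(log_text):
    """Split trojan-port traffic into blocked probes (noise) and entries to look at."""
    probes = defaultdict(list)   # source IP -> timestamps of blocked inbound probes
    needs_attention = []         # allowed inbound, or any outbound from those ports
    for raw in log_text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue             # skip lines that are not in the assumed format
        inbound = m["dir"] == "IN"
        # Inbound: the port on our side is dport. Outbound: our local port is sport.
        local_port = int(m["dport"] if inbound else m["sport"])
        if local_port not in SUBSEVEN_PORTS:
            continue
        if m["action"] == "BLOCK" and inbound:
            probes[m["src"]].append(m["ts"])
        else:
            needs_attention.append(raw.strip())
    return dict(probes), needs_attention

def isp_report(probes):
    """One line per source with count and first/last time, for an abuse report."""
    return [f"{ip} probes={len(ts)} first={min(ts)} last={max(ts)}"
            for ip, ts in sorted(probes.items())]

if __name__ == "__main__":
    probes, needs_attention = triage(SAMPLE_LOG)
    print("\n".join(isp_report(probes)))
    print("needs attention:", needs_attention or "nothing got through")
```

On the sample, every probe was blocked inbound, so the alerts are scan noise; an `ALLOW IN` to one of those ports, or traffic leaving from one, is what would justify scanning the PC itself.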
 
Andromeda Donating Member (1000+ posts) Fri Oct-17-03 01:51 AM
Response to Reply #5
6. Thanks, that sheds a little light on it.
So you're saying my PC could be infected with a Trojan horse?

The subnet thing is still a little confusing to me though. As I'm writing this I'm having another alert. Couldn't get a location through visual tracking this time. Happens sometimes.

Geesh, they are coming fast and furious tonight. I guess I'm getting a little paranoid.
 
0rganism Donating Member (1000+ posts) Fri Oct-17-03 04:04 AM
Response to Reply #6
12. Not necessarily YOUR computer, but someone on your subnet
To sort of re-repeat what a previous poster explained, you are likely hooked through to an ISP in an address block where at least one computer has a sub-7 infection. Playas are scanning all IPs in a certain range to try to hit on the infected machines.

Think of it this way. Imagine you live in an apartment block in which the numbers on the door get reassigned whenever someone leaves their apartment. When that person returns from work or shopping or whatever, their apartment gets a new, usually different, number. Now imagine someone in your apartment block has a broken window lock, so burglars and pranksters can easily get in and do naughty things. But the problem is, since the numbers keep changing, it's hard for them to find the right apartment. They have to try all the windows in all the apartments to find the right one. Your security system is notifying you of all these prankers blindly wandering around trying random windows on your apartment.

At least you can rest assured, chances are it's not personal.
 
classics Donating Member (1000+ posts) Fri Oct-17-03 02:36 AM
Response to Original message
7. Turn off all alerts.
The firewall's job is to make your computer safer, not to scare the hell out of you every time a stray packet floats by your connection.

They intentionally make those programs alert for every little thing, it's called 'scareware' and it sells a lot of software. Apparently there is a segment of software buyers who don't think a security program works unless it's constantly popping up windows about dire attacks in progress.

Get yourself a copy of Tiny Personal Firewall. Train it to recognize your applications and then forget about it. It will SILENTLY do its job, and you can feel safer knowing that not only is it blocking unwanted traffic from your connection, it's also not trying to scare the hell out of you for a buck.

BTW it's free for personal use too. ;)
 
Andromeda Donating Member (1000+ posts) Fri Oct-17-03 03:15 AM
Response to Reply #7
8. I'll look into that...
thanks for the tip.
 
Kellanved Donating Member (1000+ posts) Fri Oct-17-03 03:40 AM
Response to Reply #8
9. do that
And if you want to be sure:
http://housecall.trendmicro.com
will remove Sub7 should your PC be infected.


Other (free) software worth having:
SpyBot S&D: http://security.kolla.de
Ad-Aware: www.lavasoftusa.com
 
Andromeda Donating Member (1000+ posts) Fri Oct-17-03 03:52 AM
Response to Reply #9
10. Again, thanks...
I'll check that out too.

I know a lot of this contact is harmless but I hate feeling so vulnerable.
 
n0_data Donating Member (402 posts) Fri Oct-17-03 04:02 AM
Response to Reply #7
11. Dunno
Tiny is good, but the rules configuration might be a little overwhelming to a newbie -- unless it's been simplified a bit. Personally I like Sygate (also free).

Also, you can get a decent 4-port firewall/NAT router for $50-80 these days. I'm using a Linksys BEFSR41, no complaints so far.
 
GAspnes Donating Member (1000+ posts) Fri Oct-17-03 06:18 AM
Response to Reply #11
13. that's my preferred solution also
Mine's a Siemens SpeedStream. Once I put it in place, no further ZoneAlarm alerts of any kind.

In addition, since it's wireless, now I can not be annoyed by alerts while I'm working in the living room in front of a fire.
 