Backdoor/SubSeven Trojan Horse

Bird · Jan 22, 2004

I was wondering whether anyone else is using Norton's Personal Firewall as I am. I get dozens of "security alerts" daily; some days more than others; probably more than 25 in the last hour, that some IP has tried to access this computer via a "Backdoor/SubSeven Trojan Horse". I've read on Symantec's web site that not all security alerts are malicious attempts, but I don't understand all that, and apparently there are many variations of this particular trojan horse.

Dozernut · Jan 22, 2004

Bird
This is my experience, like you I run Norton's fire wall and was getting hit 15-20 times a day. Not all were malicious but some were. I did a printout of the list of activity with the IP numbers of the protagonists, from my Norton program. I then made a complaint to my service provider and gave them a copy of the list. I don't know what went on, but the the attempts started dwindling and now I have few if any attacks. Like I said this was my experience, it might not work for you.

JerryG · Jan 22, 2004

I get a lot of those some days. Then I may go for a week or more with nothing. I would like to know how they get am IP to attack.

Bird · Jan 22, 2004

</font><font color="blue" class="small">( I did a printout of the list of activity with the IP numbers of the protagonists, from my Norton program. )</font>

I haven't been able to figure out how to do that. /forums/images/graemlins/crazy.gif I'm using Norton SystemWorks 2002 and the Personal Firewall I got at the same time, and I download the updates very frequently. However, I just let Symantec run their online security check and while most things check OK, it says that even though my antivirus definitions are up-to-date, antivirus technology changes and I should upgrade to the latest version. /forums/images/graemlins/confused.gif

CTyler · Jan 22, 2004

Thier just running a script scanning all IP address' or a range of address'. They are not scanning you per se, your just in the address range.

I used to get tons of these everyday and peeps trying to hack my personal IIS server. I run Zone Alarm and think its the best thing yet, better than Norton, Black Ice etc... A couple years ago I set up simple Linksys router. The router blocks all the scans. Haven't had a single inbound alarm since. Still run ZA so I can monitor whats trying to send outbound and make the decision on what is done.

kevincook · Jan 22, 2004

I use a Linksys BEFSX41 Firewall Router in addition to Norton Internet Security. Without the router I get several warnings from NIS every hour with the router I never get any warnings from NIS. They cost about $59 on sale....I figure that is cheap enough insurance.

Kevin

Bird · Jan 22, 2004

Aaaahhhhh, wish I understood these computers and software better. I'm using Norton SystemWorks 2002 and the Personal Firewall that came with it. And now, even though it's regularly updated, they say I really ought to "upgrade". So they have SystemWorks 2004 and Personal Firewall 2004, but they also have the "Internet Security 2004", so what's the difference; i.e. why would I buy Internet Security over SystemWorks, or vice versa? /forums/images/graemlins/confused.gif

JASTN70D · Jan 22, 2004

Bird

I think a firewall would be a better way to go. Think about it this way the software you are using tries to let only certain people in your house by guarding the door but sometimes the guard is fooled by the person knocking in to believing it is a friend that has been invited. But the firewall makes your house unseen to everyone except by those you want to let in. There is a reason to have both (slightly better protection) but if you have a firewall there is no reason at this time to upgrade the software. As far as the difference in the software not much mostly marketing hype and unbundling for profit

Bird · Jan 22, 2004

Thanks, John, that's kinda what I've been thinking. I'm using the Norton Personal Firewall now (2002 version) and of course, one option is to "Hide Alert Tracker" and then I guess it would still be blocking those attempts, but I just wouldn't notice it. I get several a day any time, but today, it's several a minute and I just can't figure out why.

PBMAX · Jan 22, 2004

Bird are you on DSL or cable modem? if so you may have some one snooping around looking for open doors. As long as you keep your firewall up, as previously mentioned,you should have no problems. its doing its job. I' agree with the assesment you prob don't need to upgrade for firwall purposes. I have heard it said lately that virus righting but heads now some how are targeting norton and macfee anti-virus software for cracks and holes. (not sure how true but wouldnt suprise me) Not something to be overly alarmed about just be aware.... /forums/images/graemlins/tongue.gif