Fourteen times today my firewall has blocked a Trojan horse by the name of Backdoor.Subseven. Most attempts have come from the same IP - 62.30.73.231 and some from five anothers.

quote:

---

This alert is warning you about a possible remote access Trojan horse program. A Trojan horse program masquerades as a legitimate program and damages or compromises the security of your computer.
Some Trojan horse programs perform malicious actions on the computer on which they are run, while others, such as Back Orifice, provide remote-control capabilities for hackers.

---

I followed the link to Norton's site and this Trojan horse can be unpleasant.

Is anyone else having problems that they know of?

I have just reported this to my ISP but would still be interested to know if anyone is under attack.

Your comp is under attack all the time. If Black Ice, my firewall doesn't intercept a ping every ten minutes or so I would be worried it wasn't working.

I have mine set to stop pop-ups and the like (which it does most efficiently) but this is the first time I have had a Trojan horse attempting to get in this way, it is now fifteen attempts and that is with an automatic block for 30 minutes each time.

I have done a reverse look-up and discovered that it is a GB based ISP. Hopefully my ISP will step in if there is a problem.

It isn't a Trojan Sue, it's looking for one on your comp.

agreed......

Keep an eye on it Sue.

Let us know the outcome!

wez.
Do you have NAV2001 or 2002?

I have a variety of Norton products installed, some programs like the virus protection are on each! The last installed was the Internet Protection, Family Edition 2001.

What concerns me is that my office computer is on the same ISP and due to complications it caused with our network I had to remove the firewall, it prevented my computer communicating with the server - mine is the only computer connected to the Internet. I do a virus scan daily and it isn't connected all day, just a few times each day.

It is now 16 attempts by 7 different attackers, always the same message, ie regarding Backdoor.Subseven.

My firewall picked up 20 attempts to get into my PC over about a 30 minute period from the same IP address each time on Wednesday or Thursday night (can't remember which). This is in addition to the standard pings and other warnings which I get all the time. Freaked me out a bit at the time - but as long as it's stopping them getting in then it's pointless worrying about it. Just wonder who got in in the past before I put the firewall on after getting the wretched machine rebuilt!

Yes, that is scarey especially as I leave this logged on for hours at the time, sometimes even overnight if I forget to log off. I bought the firewall before I had my new hard drive so this one has never been without one.

I have BlackIce and it's so WEIRD seeing how often people try to hack into your computer!!

Is this really 'hack' or does it ping when a cookie or pop-up attempts to come in? I have given permissions to certain events so get no warnings for these, also the pop-up is automatic and the reporting just tells me how many and the amount of time saved by rejecting them.

I find the whole thing very worrying.

The would-be hacker has a programme that pings 100's of IP addresses in the hope that one has a trojan installed that it can use. If you haven't a trojan and your firewall is blocking, you don't really have a problem.

What I will say is that it's just gone midnight on New Year's Eve and I've been online nearly an hour - and it's very interesting that tonight I haven't had anything try to get into my computer at all - which makes me wonder how many of those warnings normally have a person behind them (who's obviously in the pub this evening)?

I have tracked the IP address of the main offender, we are up to 41 attacks in about three days - most from just the one IP. Having obtained the contact details of the company who has that domain I have now e-mailed them, copied to a second contact name. They have both now received 2 e-mails from me, the first showed an example of the information provided by this firewall including the date and time of a random attempt and asking them why they are attempting to access my computer, the second is perhaps the start of a number to them giving them the details of the latest attempt.... they will get copies of all attempts that I am aware of from now on. I have their e-mail addresses in my address book for ease! If I get no sensible response in a short time, well I also have their telephone and fax numbers

If they find this annoying then so be it, I find it annoying to have them attempting to gain entry into this computer.

I have also emptied my cookies, not that it will help.

[ 01-01-2002: Message edited by: sue943 ]