Johannes B. Ullrich
jullrich at euclidian.com
Fri Jul 27 01:32:58 GMT 2001
This is a scan for a trojan called 'SubSeven'. Sub seven is all too comon
and people just scan random computers for it. There are even some worms
(e.g. the 'leaves' worm that caused headlines recently) that use SubSeven
Many people run SubSeven and don't know it. It's one of these things
people get you to install it by advertising it as a way to increase your
modem speed or whatever.
Once installed, SubSeven give strangers full access to your PC. However, a
virus scanner will recognize and remove SubSeven (so make sure that you
got a current virus scanner).
On Thu, 26 Jul 2001, ladyblckraven wrote:
> Can anyone tell me what this means, because I am constantly getting this message on my zone alarm.
> The firewall has blocked Internet access to your computer (TCP Port 27374) from 220.127.116.11 (TCP Port 4988) [TCP Flags: S].
jullrich at sans.org Join http://www.DShield.org
Distributed Intrusion Detection System
More information about the list