November 4th, 2001, 05:49 AM
How does this Trojan work? Sorry if this question has been brought up tons of times also! I'm a newbie and I don't understand all this stuff but I'd like to! I thought in order for someone to infect another with this Trojan, they had to email the victim the server. Now, since I've been online, someone has tried to infect me without emailing it to me but by sending it to my IP?! I'm totally confused here and any info would be greatly appreciated! Thanks everybody and sorry once again if this has already been asked!!!!
November 4th, 2001, 01:16 PM
I'm starting to figure it all out people so NEVERMIND and sorry to dis. subseven!
November 5th, 2001, 11:05 PM
i'm still learning about the dangerousness (is that a word) of open ports on the computer, but most often, trojans are spread via emails and such. IP numbers are used to help make a connection between the trojan and the cracker. if you have more specific questions, please post a more precise entry.
November 6th, 2001, 02:05 AM
Ok, how about this on the same subject as to how it works! I have Norton internet security and sometimes I get a notification indicating that it (norton) has blocked an attempted connection or something like that against the subseven trojan? Once again, I thought in order to use that program the server.exe had to be emailed to the victim. That's all I want to know, man! How are they doing this??? I appreciate the response by the way..
November 6th, 2001, 02:26 AM
When you see a notification that someone has attempted to connect to you via port 12345 or port 27374, that's just someone "playing" with subseven trying to find people who have the server portion installed. They use the scanner portion of the trojan to see what victims they have out there.
I know my ISP doesn't view those kinds of scans lightly. If you are getting a few, notify your ISP as to who is doing it.
November 6th, 2001, 02:28 AM
ok first things first... I recommend getting a good virus scanner.. like the 2001 or 2002 or whatever is out.. both McAfee and Symantec (spelling?) are ok. then maybe look online for some other programs that claim to sniff for trojans on your computer. make sure to download 10 of them or so, cuz no one works perfect.
Next is this. The Norton security program possibly logs a probe to a port and alerts you, right? it says something to do with possible sub7 trojan. Also, if you have some odd different program (actually some atomic clock time programs used this once) it may connect or use the SAME port as sub7 trojan uses. so the most common usage of that port is the trojan tho. So therefore norton says that it Must be the sub7 trojan.
ok... it also didn't say that the sub7 trojan was running.. it said that there was a port probe probably of that trojan's normal using probe. that means that someone possibly just picked your IP and "checked" to see if that port was open and also to see if you had that trojan. Sometimes people infect the computer with trojans and others scan for the left overs. kinda killin two birds with one stone...or killin one bird with many stones. either way
most likely you don't have the trojan. But if you ever got an email from someone with an attachment that you downloaded and nothing happened, that was possibly the trojan. other programs can be joined with programs so that they both run at the same time. like you got a funny joke program but inside was the trojan. most often a virus scanner will stop this tho. always make sure that you view the extension of any file...try to stay away from .exe .com .vbs .bat .pif and many others...and then there is macros inside of doc and xls files and such.. could go on forever.
so i'd say, don't be scared of the trojan. you got a security program that seems to be telling you that it's not installed, so this is good. even if it were installed (the trojan) it's being blocked by the security program.. that program wouldn't stop a hardcore cracker to get into your system, but it will stop the normal scans.
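An added example, not part of any poster's message: the replies above separate a blocked probe (someone scanning ports 12345 or 27374) from an actual infection (the server listening on your machine). The sketch below counts blocked probes per source so they can be reported to an ISP, and separately checks whether anything on the local machine accepts connections on those ports. The log format and sample lines are constructed for illustration and are not Norton's real log format.

```python
import re
import socket
from collections import Counter

# Ports named in the thread as the ones the scanner probes.
WATCHED_PORTS = (12345, 27374)

# Constructed sample lines in an assumed firewall log format.
SAMPLE_LOG = """\
2001-11-06 02:01:10 BLOCK IN TCP 198.51.100.7:3312 -> 192.0.2.10:27374
2001-11-06 02:01:11 BLOCK IN TCP 198.51.100.7:3313 -> 192.0.2.10:12345
2001-11-06 02:04:55 ALLOW OUT TCP 192.0.2.10:1042 -> 203.0.113.5:80
2001-11-06 03:17:42 BLOCK IN TCP 203.0.113.99:4001 -> 192.0.2.10:27374
2001-11-06 03:20:00 BLOCK IN TCP 198.51.100.7:3400 -> 192.0.2.10:27374
"""

LINE_RE = re.compile(
    r"^\S+ \S+ BLOCK IN TCP (\d+\.\d+\.\d+\.\d+):\d+ -> \S+:(\d+)$"
)

def probes_by_source(log_text, ports=WATCHED_PORTS):
    """Count blocked inbound attempts to the watched ports, per source IP."""
    counts = Counter()
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if m and int(m.group(2)) in ports:
            counts[m.group(1)] += 1
    return counts

def local_listeners(ports=WATCHED_PORTS, host="127.0.0.1", timeout=0.5):
    """Return the watched ports that accept a TCP connection on this machine.

    A blocked probe says nothing about infection; a listener on one of
    these ports is what deserves a closer look (it may also be an
    unrelated program that happens to use the same port).
    """
    found = []
    for port in ports:
        with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
            s.settimeout(timeout)
            if s.connect_ex((host, port)) == 0:
                found.append(port)
    return found

if __name__ == "__main__":
    for src, n in probes_by_source(SAMPLE_LOG).most_common():
        print(f"{src}: {n} blocked probe(s)")
    print("local listeners on watched ports:", local_listeners() or "none")
```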
November 6th, 2001, 05:35 AM
ok, great! I'm sorry if I wasn't being very specific! You know, even if someone was trying to get connected to me, isn't it likely they spoofed their IP address to cover up themselves? I mean yeah, I could report it but what if they did indeed spoof, then they couldn't be traced right? Please tell me if I'm going too far here, I'm just trying to learn what this stuff is all about!! THANKS TO ALL WHO HAVE HELPED!!
November 6th, 2001, 05:12 PM
well, if you look in the forum about tutorials on this site, you'll notice a spoofing IP tutorial. i don't understand all of that, but the way it seems, IP spoofing is very difficult. what seems to happen is people use anonymizers (sp?) and ip forwards and stuff.. if this is a problem, a lot of the anon surfers keep logs ...also a forwarded ip still has the ip of the last connection...so it can all be tracked down.
did you make some enemies that you are scared that people are going to connect, or are you just learning for learning sake? i think you should also refer to the tutorials forum at AO here. when i get back off the road, to a real computer, i'm gonna probably write some tutorials for that too. keep your eyes peeled.
November 7th, 2001, 10:03 AM
Go to grc.com they have a huge article about this trojan and how it took down their servers
How does this Trojan work? Sorry if this question has been brought up tons of times also! I'm a newbie and I don't understand all this stuff but I'd like to!
Wine maketh merry: but money answereth all things.
November 7th, 2001, 09:06 PM
Nah, I haven't made any enemies! At least none that I am aware of!! Yeah, I'm just learning for learning's sake! Thanks!