Trojan
Page 1 of 2 12 LastLast
Results 1 to 10 of 12

Thread: Trojan

  1. #1
    Junior Member
    Join Date
    Aug 2002
    Posts
    24

    Question Trojan

    Ok...
    heres the deal
    my friend recently got a sub seven attack
    I knew how to get rid of it and I had heard of it before but,
    I have never fully understood how it is that a trojan has worked. I checked the archives and have found no information at all about it. I know that a host sends a packet that changes the victims port, but otherwise than that I still have no clue about how he found my friends Ip. I mean isn't it hard to get a ip address off of cable internet?

    any instructions would be greatly accepted.


    [pong]THIS IS NOT MEANT TO GET ME FLAMED... IT HAS HAPPENED BEFORE![/pong]
    Share on Google+

  2. #2
    Banned
    Join Date
    Apr 2003
    Posts
    3,840
    here's pretty much everuthiong on Subseven .... wasnt hard to find ... if any1 has something to add please do ..

    *****Backdoor.SubSeven is a Trojan horse, similar to Netbus or Back Orifice. It enables unauthorized people to access your computer over the Internet without your knowledge. When the server portion of the program is running on a computer, it is possible for the person who is accessing the computer remotely to do the following:*******

    http://www.symantec.com/avcenter/ven....subseven.html
    Share on Google+

  3. #3
    Super Moderator
    Know-it-All Master Beaver

    Join Date
    Jan 2003
    Posts
    3,914
    Getting a persons IP is rather simple. However I'm not going to tell you step by step how to do it, or give you "instructions' as you put it. Suffice it to say that any time you establish a direct connection with another computer, your (or you gateways) IP address is revealed. Some examples of this would be Sending Files over MSN, a message or a file over ICQ or using P2P software. I won't tell you how to go about getting it, but those are a few examples of actions that will reveal your IP to another person. They just have to know how to find it.

    Sorry for the vague response, but the question is a lil too reminicent of script kiddie questions for me to go into any further detail, and if you strictly want to know if it's possible, that should provide you with enough information.
    Share on Google+

  4. #4
    To find any connections or listening apps, type for Win32:

    Code:
    ipconfig/all
    Since Sub 7 does not work on *NIX, I am assuming that's the OS you are referring to. Hope this helps.
    Share on Google+

  5. #5
    Senior Member
    Join Date
    Aug 2002
    Posts
    651
    Errmm...did you mean netstat? ipconfig /all will show detailed information on the TCP/IP configuration.
    Opinions are like holes - everybody\'s got\'em.

    Smile
    Share on Google+

  6. #6
    Ohh yeah. I was really, really tired when I replied.

    heh
    Share on Google+

  7. #7
    Senior Member
    Join Date
    Aug 2002
    Posts
    651
    I understand alittlebitnumb.

    As far as trojans go, part of your front line of defense is your AntiVirus software. Good AV with regular updates will catch many trojans and stop them at the door. There are many choices out there (you can search for fellow AO'er's opinions on the front page. Some that come to mind are McAffee, Norton, Trend Micro, and so on and so forth. Remember that AV is of hardly any use if it's not kept up to date with regular updates. Otherwise, an unknown signature could make it through to your machine and ineffect you with a trojan or virus.

    If you have a trojan on your machine, or you think you do, you can use a trojan scanner to detect and remove it. There have also been numerous discussions about this here on AO. Just to name a couple, there are The Cleaner (from Moosoft) and TDS (Trojan Defence Suite) - the latter of which I am growing quite fond.

    For monitoring connections to ports on your machine in realtime, you can try Active Ports or TCPView - the former of which will also give you the option to terminate the connection from the GUI. These will also list the process and/or application using the port so that you can keep tabs on the activity more effectively. As of this post, active ports is not on the site, but you may be able to Google for another location - it looks temporary. There is also fport, but it doesn't give you realtime updates; you have to keep executing it.

    The above posts are correct; however, getting an IP is rather trivial. All that's needed is a little traffic. You friend is probably not being picked on, but rather part of some script kiddie's batch scan for possible victims. They tend to pick the low-hanging fruit, if you know what I mean.

    Hope that helps.
    Opinions are like holes - everybody\'s got\'em.

    Smile
    Share on Google+

  8. #8
    sub7 ?? of u have open server for subseven , the person who is accessing the computer can do almost every thing ... i used it , it give u full control in the victem PC .. 2 remove the server just search for sub7remover or u can download the sub7 itself , reopen the server and just get in your computer from the sub7 (the default port is 27374) and remove the server , or u can alway change the port and put a password in it (through the edit server) .. u can download it from sub7.net and i think that mirror 3 i working ....
    Share on Google+

  9. #9
    Senior Member
    Join Date
    Nov 2001
    Posts
    4,786
    sub seven is remote access software. period. it dosn't just put itself on your computer someone has to put it there. anti-virus is all fine and dandy and no computer should be without it but a poorly configured computer and ignorance of security issues could have half the world getting porno and warez off you machine and buying things with your credit cards without a single virus or trojan. just using compleatly legit software that AV software would never detect. youd be lucky if the new owners even let you log in. (although that would be dumb the victim might actually suspect something)

    the best defence...the first line of defence... is knowledge
    Bukhari:V3B48N826 “The Prophet said, ‘Isn’t the witness of a woman equal to half of that of a man?’ The women said, ‘Yes.’ He said, ‘This is because of the deficiency of a woman’s mind.’”
    Share on Google+

  10. #10
    Senior Member
    Join Date
    Aug 2002
    Posts
    651
    Originally posted here by Tedob1 the best defence...the first line of defence... is knowledge
    Good point! There's no substitute for that.
    Opinions are like holes - everybody\'s got\'em.

    Smile
    Share on Google+

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •