1: The use of a trojan like sub7 requires for the attacker to either allready have some sort of access to your system or to some social engineering to trick you into executing a file you should not have. Leaving a trojan on a system is performed to have easier access to a system instead of using an exploit time and time again which brings me to the second question.

2: Open ports form a security issue but are neccesary in some occasions.
Say you want to run a webserver. If you want this webserver to be visible to the outside world (the internet) you usually have to set firewall rules to allow incoming connections on the specified port (usually port 80 for webservers).
Now if you run for example IIS on your machine a misschief will search the net for some known exploit and perform this on your machine. To perform a certain exploit on your machine time and time again will not be what the attacker wants so he leaves a backdoor.

Sidenote: Subseven is lame as it will be detected by every virus/anti trojan scanner on the market.
Sidenote two: To prevent you need to make sure your box is patched and locked down up to date. You can subscribe to some security mailing list to keep up with newly discovered exploit/patches. Also monitor your logs for strange behaviour.

I hope this brings you some insight.

Cheers
noODLe