The SOPHOS
ANTI-VIRUS detects this. Try a download copy of the from www.sophos.com. I have ran this for the last
three years on networks and can not complain. They update daily and send
software monthly, plus a lot of new ways for scanning and deploying. Sorry for
the sales pitch but love the software for networks and the free version for
home use.
Thanks Tony Sodaro
Tony Sodaro
<<< Cyberonics >>>
16511
Space Center Blvd. Suite 600
Houston,
Texas 77058
http://www.cyberonics.com/
mailto:[email protected]
(O) (C)
--------------------------------------------------
\\\|///
\\ - - //
( @ @ )
---oOOo-(_)-oOOo-----
| GO CYBX |
-----------------Oooo---
oooO ( )
( ) ) /
\ ( (_/
\ )
-----Original
Message-----
From: Benjamin Keller
[mailto:[email protected]]
Sent: Wednesday, March 14, 2001
3:21 PM
To: FWList (E-mail)
Subject: [FW1] Security Warning!!!
Importance: High
Att: All Security Admins,
If you are already not aware, their is a
new threat to the security of your networks. It's call Sub7
http://www.sub7files.com/
it is not new and thus prompting the
intent of this e-mail.
We are running Fw1-4.01-sp2, Nav 7.5
cooperate, and esafe e-mail scanner. I have downloaded it installed it and ran
it on my test lab. Norton did not detect the Trogon/Worm nor did e-safe find it
when I e-mail it to my self. It was scanned and found to be clean... This
programs gives almost unlimited access to the local pc as well as the ability
to snoop the network all from the client pc.. It can be masked to look like any
service, and leave very little evidence of being installed. It can be
programmed ( with little effort ) to run on ANY port.
I am still waiting to hear from Symantec
and Aladdin to find out if they are aware and or ready to come out with
definition. The service can be called anything (Rundll32 by default) or Word,
Outlook, Explorer, System Idle Process, etc.. While someone is connected it
will not show up by doing a netstat -a. It only affects Windows machines.
Just a heads up.
If anyone knows how to find/remove it I
would appreciate it.
Thanks,
Benjamin Keller
Systems Administrator
Conceptis Technologies
This message has been scanned by Cyberonics, Inc. for a Virus.
______________________________________________________________