
RE: [FW1] Security Warning!!!



McAfee have it listed (multiple versions) if you search on sub7 here.

http://vil.nai.com/VIL/default.asp

 

NAV

http://www.symantec.com/avcenter/venc/data/backdoor.subseven.html

 

Either you do not have things configured correctly or your defs are not up
to date.

 

regards

Dean

  

-----Original Message-----
From: Benjamin Keller [mailto:[email protected]]
Sent: Wednesday, March 14, 2001 3:21 PM
To: FWList (E-mail)
Subject: [FW1] Security Warning!!!
Importance: High

 

Att: All Security Admins,

 

If you are not already aware, there is a new threat to the security of your
networks. It's called Sub7 http://www.sub7files.com/

it is not new and thus prompting the intent of this e-mail.

We are running Fw1-4.01-sp2, Nav 7.5 corporate, and esafe e-mail scanner. I
have downloaded it, installed it and ran it in my test lab. Norton did not
detect the Trojan/Worm, nor did e-safe find it when I e-mailed it to myself.
It was scanned and found to be clean... This program gives almost unlimited
access to the local PC as well as the ability to snoop the network, all from
the client PC. It can be masked to look like any service, and leaves very
little evidence of being installed. It can be programmed (with little
effort) to run on ANY port.

I am still waiting to hear from Symantec and Aladdin to find out if they are
aware and/or ready to come out with a definition. The service can be called
anything (Rundll32 by default) or Word, Outlook, Explorer, System Idle
Process, etc. While someone is connected it will not show up by doing a
netstat -a. It only affects Windows machines.

Just a heads up.

If anyone knows how to find/remove it I would appreciate it.

Thanks,

Benjamin Keller

Systems Administrator

Conceptis Technologies
