Saturday, 9/6: Trojan Horse virus attempts to connect to my computer reading ARS


Dicktop_Stud

Weird! This is a first for me. And I know no one in South Korea. Hmmmm...


While reading ARS today, I received this security alert:

"Attempt to connect to computer using the Backdoor/SubSeven Trojan Horse blocked"

Time: 10:19 AM
Date: 9/6/2003
Prtcl: TCP (Inbound)
Remote: 61.103.8.13:2005
Local: 65.151.227.200:27374

61.103.8.13 assigned to:

Wonju Catv
Wonju, South Korea

Dream-X - CATV - WONJUBCSAEROUN-KR
1349-2, Bangok-dong, Wonju-s, KANGWON, 220-170
 

Tilman Hausherr

=> Goober with firewall.
http://www.samspade.org/d/firewalls.html


--
Tilman Hausherr [KoX, SP5.55] Entheta * Enturbulation * Entertainment
(e-mail address removed) http://www.xenu.de

Resistance is futile. You will be enturbulated. Xenu always prevails.

Find broken links on your web site: http://home.snafu.de/tilman/xenulink.html
The Xenu bookstore: http://home.snafu.de/tilman/bookstore.html
 

Barry R. Ford

I found the "goober with firewall" article somewhat insulting. I use
ZoneAlarm, which provides excellent protection for the individual user
(someone with a single computer). It does this in part by making my
computer invisible to hackers. To others on the Internet, there is no
computer at my IP address. So I don't have to worry about someone
scanning my machine for open ports, and sending me a nasty like the
MSBlaster worm. And supposing some Trojan gets past Norton Antivirus
2002 (self-updating), ZoneAlarm will notify me of its attempt to connect
to the Internet.

The article contains a reference to a cyberpunks.org forum, but I
couldn't see the relevance of the link. Perhaps there was a post on the
forum at one time that supported the "goobers" author's position.

Finally, the "attack" listed does indeed fit the profile of a
Backdoor/Subseven Trojan, which attempts to communicate on port 27374.

References:

Backdoor/Subseven variants and ports:
<http://www.glocksoft.com/trojan_list/SubSeven.htm>

ZoneAlarm, other firewalls, and personal security: <http://www.grc.com/>
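
The alert from the first post, read field by field, as an added example that is not part of any post in this thread: it parses the quoted fields and separates an inbound probe of the SubSeven port from an outbound connection. The function names, the port table and the outbound wording are assumptions of this sketch, not ZoneAlarm or Norton behaviour.

```python
import re

# Sample input: the alert fields as quoted in the first post of this thread.
ALERT = """\
Time: 10:19 AM
Date: 9/6/2003
Prtcl: TCP (Inbound)
Remote: 61.103.8.13:2005
Local: 65.151.227.200:27374
"""

# Only the port named in the thread; any further entries are the reader's own.
BACKDOOR_PORTS = {27374: "SubSeven"}

def parse_alert(text):
    """Turn 'Key: value' lines into protocol, direction and (host, port) pairs."""
    fields = {}
    for line in text.splitlines():
        key, sep, value = line.partition(":")
        if sep:
            fields[key.strip().lower()] = value.strip()
    m = re.fullmatch(r"(\w+)\s*\((\w+)\)", fields.get("prtcl", ""))
    if not m:
        raise ValueError("missing or malformed Prtcl line")
    out = {"protocol": m.group(1).upper(), "direction": m.group(2).lower()}
    for side in ("remote", "local"):
        host, _, port = fields.get(side, "").rpartition(":")
        if not host or not port.isdigit():
            raise ValueError(f"missing or malformed {side} endpoint")
        out[side] = (host, int(port))
    return out

def triage(alert):
    """Classify a blocked-connection alert by direction and backdoor port."""
    direction = alert["direction"]
    # Inbound: the local port is the one being probed. Outbound: the remote port.
    port = alert["local"][1] if direction == "inbound" else alert["remote"][1]
    name = BACKDOOR_PORTS.get(port)
    if name is None:
        return "unclassified"
    if direction == "inbound":
        # A remote host is checking whether a backdoor listens here; the alert
        # alone does not show that one is installed on this machine.
        return f"inbound probe for {name} listener on port {port}"
    # A local program contacting a backdoor port elsewhere warrants a host check.
    return f"outbound connection to {name} port {port}: inspect local host"
```
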
 

Steven Buehler

A lot of viruses are originating from Asia, particularly Korea, of late.

SWB
 