VID 24018
Severity 40
Port 1243
Protocol TCP
Class BackDoor
Detailed Description The SubSeven backdoor is installed. SubSeven is a trojan that allows an intruder to take control of the computer. With the SubSeven backdoor, an attacker can do the following:

- shut down or restart the user's computer
- retrieve saved and cached passwords
- modify the user's system registry
- upload, download, and delete files on the user's system

SubSeven is a powerful backdoor that is widely used against Windows systems. With the most recent versions, a remote attacker can do anything to a victim's computer that could be done locally. For these reasons, SubSeven should be removed immediately if found on your network.

SubSeven version 1.x only works on Windows 95 and 98. The default TCP port is 1243, and SubSeven also listens on ports 6711 and 6776. Since it is so highly configurable and difficult to detect, the easiest method to remove it is to use an up-to-date virus scanner.

* References:
http://xforce.iss.net/alerts/advise30.php
http://www.iss.net/security_center/static/2245.php
Recommendation The SubSeven backdoor can be very difficult to remove manually, because the executable is difficult to locate and identify on your system. Refer to the steps below for using an antivirus program to remove the backdoor.

To use an antivirus program to remove the SubSeven backdoor:

1. If you do not have an antivirus program installed, download and install one of these virus scanners:
- Norton AntiVirus: http://www.symantec.com/nav/indexA.html
- McAfee VirusScan: http://software.mcafee.com/centers/download/
- Trend Micro PC-Cillin: http://www.trend.com/pc-cillin/
2. Run the antivirus program to scan your system for this backdoor. The virus scanner should find and remove the SubSeven backdoor from your computer.
Related URL CVE-1999-0660 (CVE)
Related URL (SecurityFocus)
Related URL (ISS)