I just got one of these:
Summary
Somebody has tried to access your machine with the "SubSeven Trojan Horse" and failed.
Details
This is a common intrusion detected on the Internet, resulting from hackers looking for systems who might have
been compromised with this program. It appears that you haven't been compromised, and that the hacker
has gone away.
A Trojan program is one that has some subversive purpose other than what it looks like One of the
favorite hacker techniques is to send these programs to people in the hopes they will be fooled into
running them. Typical Trojans are those that steal passwords, install a virus, reformat your hard-disk, and
so forth.
A particular popular class of Trojans are the Remote Access Trojans. These are programs that provide the
hacker complete remote control over your machine. The problem for that hacker is that while they can
often send you such Trojans via e-mail, chat, or news programs, they often don't know where on the
Internet you are located. For example, they can tell from your e-mail that you use a certain ISP, but they
don't know your current IP address. Therefore, if they think they've fooled you into running their program,
they must then scan the entire ISP's range for you.
The flip-side to this means that if the hacker isn't after you, you will still see their scans as they search
for their other victims. Likewise, the hacker may hope that some other hacker has hoodwinked you into
running this Trojan. This means the hacker may be looking for anybody who might be compromised.
Trojan Horse probes are therefore very common. They aren't a cause for concern.
The page on TCP port probe has more information on probing machines for open ports like this. Please see
that page for more details. |
