Juniper Networks

Signature Detail

Short Name: TROJAN:SUBSEVEN:SCAN
Severity: Low
Recommended: No
Category: TROJAN
Keywords: subseven
Release Date: 2003/04/22
Update Number: 1213
Supported Platforms: idp-4.0+, isg-3.0+, j-series-9.5+, mx-9.4+, srx-9.2+, srx-branch-9.4+, vsrx-12.1+

TROJAN: SubSeven Scan Attempt


This signature detects TCP packets sent to TCP port 27374. Such traffic can indicate an attacker attempting to confirm that the SubSeven v2.2 Trojan is installed on the system. SubSeven, a remote administration Trojan, allows attackers to access data and gain control over some functions on remote Microsoft Windows systems. This signature can sometimes trigger false positives when legitimate services are running on port 27374.

Extended Description

SubSeven is a Trojan that allows remote attackers to gain full control over an infected machine.

References

  • CVE: CVE-1999-0660
  • URL: http://www.symantec.com/security_response/writeup.jsp?docid=2001-020114-5445-99
  • URL: http://support.microsoft.com/default.aspx?scid=kb;EN-US;Q319813

Copyright © 1999-2010 Juniper Networks, Inc. All rights reserved.