Signature Detail

Short Name	TROJAN:SUBSEVEN:SUBSEVEN-HTTP
Severity	Critical
Recommended	No
Recommended Action	Drop
Category	TROJAN
Keywords	Syware Remote Administration Tool Subseven
Release Date	2005/06/03
Update Number	1213
Supported Platforms	idp-4.0+, isg-3.0+, j-series-9.5+, mx-9.4+, srx-9.2+, srx-branch-9.4+, vsrx-12.1+

TROJAN: Subseven (HTTP)

This signature detects the runtime behavior of the Trojan Subseven, a remote administration tool. When remote attackers know the targe's IP address, they can gain complete control over it, including deleting files, adding files, killing processes, scanning screens, recording activities, extracting passwords and so on.

Extended Description

Subseven is a well-known Trojan with a backdoor capabilities. It enables remote attackers to gain full control over an infected machine without the knowledge of the victim.

References

CVE: CVE-1999-0660
URL: http://www.spywareguide.com/product_show.php?id=24
URL: http://www3.ca.com/securityadvisor/pest/pest.aspx?id=22033

Signature Detail

Short Name

Severity

Recommended

Recommended Action

Category

Keywords

Release Date

Update Number

Supported Platforms

TROJAN: Subseven (HTTP)

Extended Description

References