SubSeven (also known as Sub7 and Sub7Server) is a backdoor program, in the form of a Trojan, used mostly for causing trouble on computer networks. It can be used for simple attacks such as hiding the mouse cursor and opening applications, but it can also be used for more serious attacks, including retrieving all the personal information stored on your machine and all of its computer settings.
The name SubSeven was derived by reversing the word Netbus (also a famous backdoor program) and replacing the word ‘ten’ with ‘seven’:
netbus = subten = subseven
To keep this application from attacking your network, the following access list can be configured on your router's interfaces. Most anti-virus programs will also prevent it from attacking your machine.
AOIP.ORG(config)# access-list 100 deny tcp any any eq 1243 log
AOIP.ORG(config)# access-list 100 deny tcp any any eq 2773 log
AOIP.ORG(config)# access-list 100 deny tcp any any range 6711 6713 log
AOIP.ORG(config)# access-list 100 deny tcp any any eq 6776 log
AOIP.ORG(config)# access-list 100 deny tcp any any eq 7000 log
AOIP.ORG(config)# access-list 100 deny tcp any any eq 7215 log
AOIP.ORG(config)# access-list 100 deny tcp any any eq 27374 log
AOIP.ORG(config)# access-list 100 deny tcp any any eq 27573 log
AOIP.ORG(config)# access-list 100 deny tcp any any eq 54283 log
AOIP.ORG(config)# access-list 100 permit ip any any
AOIP.ORG(config)# interface fa0/0
AOIP.ORG(config-if)# ip access-group 100 in
AOIP.ORG(config-if)# exit
AOIP.ORG(config)# interface fa0/1
AOIP.ORG(config-if)# ip access-group 100 in
AOIP.ORG(config-if)# exit
AOIP.ORG(config)#
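
The log keyword on each deny line makes the router emit a %SEC-6-IPACCESSLOGP syslog message when a packet matches. The Python below is an added example, not part of the original page: it tallies those messages for the destination ports denied by access-list 100. The sample log lines and addresses are constructed, and the function names are illustrative.

```python
import re
from collections import Counter, defaultdict

# Destination ports denied by access-list 100 above (6711-6713 expanded).
SUB7_PORTS = {1243, 2773, 6711, 6712, 6713, 6776, 7000, 7215,
              27374, 27573, 54283}

# IOS message produced by an extended ACL entry that carries "log".
ACL_LOG = re.compile(
    r"%SEC-6-IPACCESSLOGP: list (?P<acl>\S+) (?P<action>denied|permitted) tcp "
    r"(?P<src>\d+\.\d+\.\d+\.\d+)\((?P<sport>\d+)\) -> "
    r"(?P<dst>\d+\.\d+\.\d+\.\d+)\((?P<dport>\d+)\), (?P<count>\d+) packets?"
)

def sub7_hits(lines, acl="100"):
    """Return Counter {(src, dst, dport): packets} for denies on Sub7 ports."""
    hits = Counter()
    for line in lines:
        m = ACL_LOG.search(line)
        if not m or m["acl"] != acl or m["action"] != "denied":
            continue  # other ACLs, permits and unrelated syslog lines
        dport = int(m["dport"])
        if dport in SUB7_PORTS:
            # IOS rate-limits these messages and reports a packet count,
            # so sum the counts instead of counting log lines.
            hits[(m["src"], m["dst"], dport)] += int(m["count"])
    return hits

def probed_hosts(hits):
    """Map each destination host to the sorted Sub7 ports it was probed on."""
    by_dst = defaultdict(set)
    for (_src, dst, dport) in hits:
        by_dst[dst].add(dport)
    return {dst: sorted(ports) for dst, ports in by_dst.items()}

# Constructed sample input (documentation address ranges, not real traffic).
SAMPLE_LOG = """\
Mar  1 00:12:01: %SEC-6-IPACCESSLOGP: list 100 denied tcp 203.0.113.7(1042) -> 192.0.2.20(27374), 1 packet
Mar  1 00:17:03: %SEC-6-IPACCESSLOGP: list 100 denied tcp 203.0.113.7(1042) -> 192.0.2.20(27374), 4 packets
Mar  1 00:18:44: %SEC-6-IPACCESSLOGP: list 100 denied tcp 198.51.100.9(3310) -> 192.0.2.21(6712), 1 packet
Mar  1 00:19:10: %SEC-6-IPACCESSLOGP: list 101 denied tcp 198.51.100.9(3311) -> 192.0.2.21(1243), 1 packet
Mar  1 00:20:00: %LINK-3-UPDOWN: Interface FastEthernet0/1, changed state to up
""".splitlines()

if __name__ == "__main__":
    hits = sub7_hits(SAMPLE_LOG)
    for (src, dst, dport), packets in hits.most_common():
        print(f"{src} -> {dst}:{dport}  {packets} packet(s) denied")
    print(probed_hosts(hits))
```

Because the deny entries place eq and range after the destination, they match on destination port only, so every hit is a connection attempt toward one of these ports on the listed destination host.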