Forum Moderators: phranque


Trojan Horse

Any suggestions above and beyond my firewall?

         

Jane_Doe

11:55 pm on Aug 30, 2003 (gmt 0)




Lately I've been getting security alerts from my Norton firewall that my PC is under attack by a Trojan horse. It doesn't come with an email - I just get the messages while I'm surfing the web or working on my web sites.

The firewall always blocks it, but it's creepy getting those messages.

Are there any extra security precautions I should take and/or does anyone have any web sites (besides Symantec's) to recommend for further reading?

claus

12:21 am on Aug 31, 2003 (gmt 0)




It's probably not "real" trojans, and much less horses, as you encounter them surfing the web (and especially while working on your own sites) but an AV firm has a legitimate interest in proving the worth of the product, so sometimes terms are applied a bit loosely.

You could consider disabling ActiveX in your browser, that's an easy security feature to implement. A lot of sites use these controls, try setting the browser to "display warning" first, you'll be amazed.

/claus

Jane_Doe

1:21 am on Aug 31, 2003 (gmt 0)




Thanks for the suggestions, Claus.

Norton's message is pretty specific about the trojan horse. It gave me the IP address which noted that it tried to connect to my computer using the Backdoor/SubSeven Trojan Horse.

When I checked the web for more info, the backdoor/subseven seemed to come as an email attachment, so I'm a bit unclear on why I get this message when I'm not getting any email with or without attachments.

claus

1:57 am on Aug 31, 2003 (gmt 0)




Oh, then it's probably not even related to the pages you surf. I'm sorry that I didn't see the word "firewall" when I first posted. I did see the word Norton though, so I assumed it was a virus shield/proxy that was active when you surfed the web.

It's probably just some computer out there that sends a request that the Norton firewall knows subseven also sends or something. It might even be subseven or an actual attempt/probe for an attack. No problem, the subseven is known - just keep the firewall updated, that's about the best you can do. Then, just lean back, relax, and be glad your firewall is there. Another one just hit a brick wall and didn't come in - this happens all the time. You might want to disable all those alerts though... after all it will never report anything when it fails and it only gets you paranoid to see them popping up all of the time.

/claus

Jane_Doe

3:09 am on Aug 31, 2003 (gmt 0)




Okay, thanks.

keyplyr

5:42 am on Aug 31, 2003 (gmt 0)




but an AV firm has a legitimate interest in proving the worth of the product, so sometimes terms are applied a bit loosely.

I've been using Norton Internet Security (AV/Firewall) for several years, and I feel the Firewall is a bit histrionic; reporting lots of scary stuff, when in all account it's usually just internet 'noise.' I do keep active scripting, DirectX, install on demand, and everything else that wants to run on my machine... to a precautionary 'allow/disallow' confirmation window.

lasko

8:41 pm on Aug 31, 2003 (gmt 0)





keyplyr

I agree with you,

Most of the warnings I get with my Zone Alarm tend to be traffic noise from the Internet.

It's quite rare that I get attacked in this manner. Most of my viruses are coming through email, but since my hosting company has just installed a blocker for any file types I request to block, I feel a little more at ease.

mnamesir

2:59 pm on Sep 4, 2003 (gmt 0)




You could always add a hardware firewall to your Internet POP and block the traffic from reaching your software firewall... That way, you've built in an extra layer of protection - using NAT. With NAT and Personal Firewall, you'll be a hard target, assuming they're all configured properly.

I echo the "Internet Noise" as the cause - we see these alerts all of the time- I think the firewall just looks at the TCP Port of the incoming packets - if the port matches a known trojan, then it generates the warning.
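The port-matching behaviour described in the post above, as an added example that is not part of any post in this thread and is not Norton's actual logic: it labels connections by destination port and separates blocked probes from an allowed inbound connection, which is the case that merits a closer look. The log format, the addresses and the `triage`/`summarize` names are constructed for illustration; the two ports are publicly documented SubSeven defaults.

```python
import re
from collections import Counter

# Publicly documented SubSeven default listener ports. Assumption: the personal
# firewall's alert is keyed on ports like these; its real rule set is not on the page.
TROJAN_PORTS = {1243: "Backdoor/SubSeven", 27374: "Backdoor/SubSeven"}

LINE = re.compile(
    r"(?P<ts>\S+ \S+) (?P<action>BLOCK|ALLOW) (?P<dir>IN|OUT) TCP "
    r"(?P<src>[\d.]+):(?P<sport>\d+) -> (?P<dst>[\d.]+):(?P<dport>\d+)$"
)

def triage(line):
    """Return (verdict, label, remote_ip) for one log line, or None if unparseable."""
    m = LINE.match(line.strip())
    if not m:
        return None
    remote = m["src"] if m["dir"] == "IN" else m["dst"]
    label = TROJAN_PORTS.get(int(m["dport"]))
    if m["dir"] != "IN" or label is None:
        return ("ignore", None, remote)
    # A port match says nothing about the sender's intent or payload:
    # a blocked packet to a trojan port is a probe that went nowhere.
    if m["action"] == "BLOCK":
        return ("noise", label, remote)
    # An allowed inbound connection to a trojan port means something may be listening.
    return ("investigate", label, remote)

def summarize(lines):
    """Count verdicts across a log so one real hit is not buried under probes."""
    results = [r for r in map(triage, lines) if r]
    return Counter(verdict for verdict, _, _ in results)

# Constructed sample log (documentation-range addresses, hypothetical format).
SAMPLE_LOG = [
    "2003-08-30 23:41:07 BLOCK IN TCP 203.0.113.45:3312 -> 192.0.2.10:27374",
    "2003-08-30 23:52:19 BLOCK IN TCP 198.51.100.7:1190 -> 192.0.2.10:1243",
    "2003-08-31 00:03:44 ALLOW OUT TCP 192.0.2.10:1051 -> 198.51.100.80:80",
    "2003-08-31 00:10:02 ALLOW IN TCP 203.0.113.99:4021 -> 192.0.2.10:27374",
    "garbled line",
]

if __name__ == "__main__":
    for line in SAMPLE_LOG:
        print(triage(line), "<-", line)
    print(dict(summarize(SAMPLE_LOG)))
```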

D_Blackwell

4:20 pm on Sep 4, 2003 (gmt 0)




Backdoor/SubSeven Trojan Horse.

Norton throws up this warning fairly regularly. Since it always blocks it, (and I'm always fully updated) I don't worry about it.

Where you go makes a difference. In an average week I'll get a couple of these. If I happen to have spent a little time in an adult oriented site, I may get 20 a day for several days. They are definitely after something.

Jane_Doe

4:38 pm on Sep 4, 2003 (gmt 0)




Okay, thanks for the additional info. I didn't realize it was so common to get these messages. I have had the Norton firewall up for some time, but it's only been this last week or so that I've been getting the trojan horse attack messages.