socalgal
05-24-2000, 06:28 PM
Received this from the TDS mailbot today. I don't use McAfee and haven't researched whether McAfee has this info on their site, but thought it may be informative for some of you.
--------------------------------------------
TDS - http://tds.diamondcs.com.au
In a surprise move, anti-virus vendor McAfee have decided to stop scanning
for NetBus, the trojan-turned-remote admin tool. Less than two years ago,
hundreds of thousands of NetBus trojan servers resided on infected
machines around the world. Today, newer versions of the software are being
sold as remote administration shareware.
While NetBus Pro lives up to it's claim of being a remote administration
tool, it still has the ability to run as a trojan. It has built-in
settings that allow the server owner to configure the server so that it is
completely invisible. Additional testing here at the DiamondCS lab and by
TLSecurity (http://www.tlsecurity.net) has proven how easy it is to modify
just a few bytes in the server to prevent the server from logging it's
activity, and various other things that the author put in that could
possible give the server away as being a trojan.
Regardless of whether a program is labelled a "trojan" or a "remote
administration tool", DiamondCS will always make detection available to
the user if there is any chance of the software being used in unauthorised
or trojaneous situations. You - the end user, has the right to know and
the right to choose what software is running on your system.
Related article: http://www.theregister.co.uk/000523-000018.html
Thomas C. Greene in Washington
--------------------------------------------
TDS - http://tds.diamondcs.com.au
In a surprise move, anti-virus vendor McAfee have decided to stop scanning
for NetBus, the trojan-turned-remote admin tool. Less than two years ago,
hundreds of thousands of NetBus trojan servers resided on infected
machines around the world. Today, newer versions of the software are being
sold as remote administration shareware.
While NetBus Pro lives up to it's claim of being a remote administration
tool, it still has the ability to run as a trojan. It has built-in
settings that allow the server owner to configure the server so that it is
completely invisible. Additional testing here at the DiamondCS lab and by
TLSecurity (http://www.tlsecurity.net) has proven how easy it is to modify
just a few bytes in the server to prevent the server from logging it's
activity, and various other things that the author put in that could
possible give the server away as being a trojan.
Regardless of whether a program is labelled a "trojan" or a "remote
administration tool", DiamondCS will always make detection available to
the user if there is any chance of the software being used in unauthorised
or trojaneous situations. You - the end user, has the right to know and
the right to choose what software is running on your system.
Related article: http://www.theregister.co.uk/000523-000018.html
Thomas C. Greene in Washington