Telecom and Logistics Associates 

Security NEWs Service: TLAnews
publication: Christian ALT  new6.gif (1031 bytes) TLAalert    Security Service 
Translate this page from:  Save Time and Money 

24.5.2000 SecurityNetBus Pro no more a trojan for McAfee
NetBus Pro called remote administration and spy tool, is not considered anymore as a trojan by Network Associates anti-virus division McAfee.

En français: NetBus Pro n'est plus considèré comme un trojan par McAfee
 NetBus Pro appelé outil d'administration distante ou outil d'espionnage, n'est plus considèré comme un cheval de troie par la division anti-virus McAfee de Network Associates

English version
 NetBus Pro called remote administration and spy tool, is not considered anymore as a trojan by Network Associates anti-virus division McAfee, which  has decided to stop scanning for the Trojan called NetBus Pro, made by UltraAccess Networks, which can give a third party complete control over someone else's computer.

Little more than a dressed-up hacker's toy, the NetBus Trojan is called a "remote administration tool" by its maker. It enables a remote 'administrator' to do anything s/he wishes on a target machine with considerable stealth.

These activities include logging the user's key strokes, taking regular screen shots of whatever the user is viewing, retrieving their cached passwords, examining browser bookmarks, perusing e-mail messages and address books, activating the victim's microphone and Web-cam without their knowledge and intercepting their signals, and viewing, editing, executing, uploading or deleting files.
Résumé en français

Est-ce que NetBus Pro est un outil d'administration ou un outil de pirate. McAfee vient de revoir sa position est considère ce logiciel comme un outil d'administration.

Avec ce logiciel il est possible pour un administrateur de surveiller les actions au clavier d'un utilisateurs, d'acquérir régulierement des extraits d'écrans, exminer le cache du navigateur, récupèrer des mots de passe, et aussi activer à l'insu de l'utilisateur son micro ou sa webcam. Effacer, editer, transferer, ou encore executer des fichiers fait parties des fonctions de base de l'outil.

Il semble que MCAfee veuille aider les employeurs à surveiller leurs collaborateurs en ne signalant plusla presence de l'espion.

A vous de juger ce qu'il en est en vous aidant de la table des caractéristiques, ou de faire l'acquisition du logiciel.

NetBus Pro 2.10 

NetBus is a favourite toy of malicious hackers and script kiddies because of its economical price (US $15) and ease of use. A GUI and HTTP support enable any pitiful lamer who can operate a Web browser to use the tool. The NetBus server can be joined to another file and sent to a victim over the Internet as a Trojan.

Beyond malicious hacking and mischievous pranks, the only conceivable use for a Trojan such as this is to enable employers to monitor their employees' use of company machines. This surveillance could extend to laptops, which can be monitored whenever the user connects to the Internet or company intranet.

To download and register it :  NetBus Pro 2.10 

It would appear that McAfee wishes to cooperate with the efforts of employers to monitor computer use surreptitiously. Until recently, the anti-virus software would warn a user that their computer was infected with the NetBus Trojan, as well as its cousins Back Orifice and Sub7.

Certainly a number of McAfee customers will be disappointed to learn that they can no longer discover easily if their machines are infected.


"There are many other software programs of similar nature that are not scanned for," UltraAccess CEO Judd Spence said in a press release. "NetBus Pro is a totally legitimate remote administration tool and at only $15 a copy, it's less than one-tenth the price of some of our big-name competitors such as PCAnywhere from Symantec".

McAfee "recently repealed its unjust ban of NetBus Pro 2.10," UltraAccess says. "With the recent....decision, we would like to move forward with other anti-virus companies and begin developing solid working relationships with them as well."

It is advisable for those who use workplace computers, whether desktops or laptops, to acquaint themselves with all known 'remote administration tools' and either disable them, or, at a minimum, be extremely cautious when using the machines.

Now it is up to you to classify the tool as trojan or as an administrator tool, based on the features and the use you can make of it

Features

Real Time Chat with the user at the computer you administrate.
Telnet support. Access your PC’s MS-DOS-prompt with just a Telnet program.
HTTP support. Access your files, including download and upload support, with just a web-browser.
Host list integration with network neighborhood. 
Server setup and administration (close server, restrict IP access, TCP-port, password, visibility, access mode, auto start). 
General system information and cached passwords.
Message manager.
Window manager (full control over all windows).
Registry manager (list keys, fields and values, create keys and delete keys, change values among others).
Sound system (raise and lower volumes).
Plugin manager (run Plugins that extend the capabilities of NetBus). 
Port redirect (simple proxy support).
Application redirect (e.g. allows you to interact with MS-DOS prompts remotely, which gives you powerful access to the computer).
File actions (execute executable files, show image files, play audio files, open document files and print document files).
Spy functions (includes listen keyboard, get screen capture, record audio from microphone and get web camera image).
File manager (explorer, upload and download files, delete files and folders, create folders and share folders).
Exit Windows (reboot system, shutdown system or power down system).
Cool functions (Client chat, open and close CD-ROM, disable keys, key click, swap mouse buttons, Go to URL, Send text).
NetBus scanner, fast port scanner.
Host scheduler, predefine time to run scripts at hosts.
Command broadcaster, broadcasts commands to multiple hosts.
Multi-language support, extendable to more languages than just English.
Skin support (transparent backgrounds).
Install Wizard and Online help manual.

 

 

 

Author information.
Copyright © [Telecom and Logistics Associates Sàrl]. All rights reserved.
Revised: mai 23, 2000 .

All information provided is of a general nature and is not intended to address the circumstances of any particular individual or entity. Although we endeavor to provide accurate and timely information, there can be no guarantee that such information is accurate as of the date it is received or that it will continue to be accurate in the future. No one should act upon such information without appropriate professional advice after a thorough examination of the facts of the particular situation.