Data Fellows Adds Detection of Netbus 2.0 Pro F-Secure Anti-Virus Now Detects the Controversial Utility Submitted By: Context PR Friday, 5 March 1999

Home , Remote administration

Data Fellows adds Detection of NetBus 2.0 Pro F-Secure Anti-Virus now detects the controversial utility Submitted by: Context PR Friday, 5 March 1999

March 5, 1999 -- Data Fellows, the global leader in anti-virus and encryption software, today announced that it has added detection of the NetBus 2.0 utility into F-Secure Anti-Virus. Netbus can be used to remotely control a Windows workstation, such as to read and write files, send messages, listen to the microphone, etc. The Netbus detection feature in F-Secure Anti-Virus is optional. NetBus is a remote administration tool for Windows, similar to the infamous Back Orifice tool. It can be installed invisibly into an end user machine. After this, the machine can be accessed and controlled using the NetBus client. This means that a malicious person could control a Windows workstation across the Internet, even from another country. What makes NetBus special among hacking tools is that it has gone commercial. Since February 1999, NetBus has been marketed by it's developers on the Internet. The latest version of the tool has been enchanced with new features and can be used as a generic remote access tool. Older, free versions of NetBus have been detected by most anti-virus programs as trojan horses or backdoor utilities. The controversy over NetBus 2.0 Pro has concerned the commercial aspect: should anti-virus programs detect a tool that people are actually buying and using for day-to-day remote access? NetBus 2.0 can be used for good or bad, just like any other remote access program. Therefore, if NetBus is detected, shouldn't other tools, such as PC Anywhere, be detected as well? "When NetBus went commercial, we decided not to add detection of the new versions to F-Secure Anti-Virus", explains Mr. Mikko Hyppönen, Manager of Anti-Virus Research at Data Fellows. "Then we started getting requests from some big clients about the possibility to add detection anyway - because we detected the older versions. So we added it." Data Fellows solved the problem by making detection of NetBus 2.0 Pro optional. Users who have bought the utility and do not want to detect and stop NetBus 2 can remove detection of it, but still continue to be protected against the thousands of other known viruses and trojans. Carl-Fredrik Neikter, the main developer of NetBus comments: "We think it is fair that Data Fellows is adding detection of NetBus as optional. We do understand that some companies might want to limit usage of NetBus in their organisation, but our clients must be able to use the software they buy as well." NetBus is particularly widely used in Northern Europe. The Swedish computer magazine Internetworld did a portscan on a large set of Swedish Internet users in January 1999. According to their results, they found approximately 40,000 machines that were running the NetBus server and were open for anyone to access. Netbus has a wide variety of features which can be operated across the Internet, including reading and writing files, playing sounds, sending messages, listening to the microphone, recording the user's keystrokes etc.

Page 1 F-Secure Anti-Virus detects NetBus 2.0 Pro as "Backdoor.NetBus.20". An update to include detection of NetBus 2.0 Pro is available at http://www.DataFellows.com/ Data Fellows is one of the world's leading developers of data security products. The company develops, markets and supports integrated anti-virus, data security and cryptography software products for corporate computer networks. It has corporate headquarters in San Jose, California and Espoo, Finland, with corporate offices as well as partners, VARs and other distributors in over 80 countries around the world. For more information, contact Craig Coward, PR for Data Fellows, 01625 511966 / [email protected] http://www.DataFellows.com or [email protected]. # # # Note to editors: Screenshots of NetBus 2.0 Pro are available on the Data Fellows web site at the Virus Activation Screenshots Archive: http://www.DataFellows.com/v-pics/ The Edge Partnership Churchside Macclesfield SK10 1HG 01625 511966 / 511967 (fax)

Page 2

Distributed via Press Release Wire (https://pressreleases.responsesource.com/) on behalf of Context PR