NAI Cover-up ?
This is the email that we received from NAI when we discovered that
"easy" detection of NetBus Pro had been removed. While Sal Viveros
claims that NAI has NOT changed its policy, this email directly from NAI
support says otherwise.
Received: from webshield2.na.nai.com (webshield2.nai.com [220.127.116.11]) by
mail.xxx.xxx.fl.us with SMTP (Microsoft Exchange Internet Mail Service Version 5.5.2650.21) id KK0NNJN4; Tue, 16 May 2000 13:55:27 -0400
Received: FROM na-ex-bridge2.nai.com BY webshield2.na.nai.com ; Tue May 16 10:58:36 2000 -0700
Received: by na-ex-bridge2.nai.com with Internet Mail Service (5.5.2650.21) id ; Tue, 16 May 2000 10:55:07 -0700
From: Virus Research
Reply-To: Virus Research
To: "'Spence, Judd'"
Subject: RE: NetBus Pro
Date: Tue, 16 May 2000 10:51:28 -0700
X-Mailer: Internet Mail Service (5.5.2650.21)
Content-Type: text/plain; charset="iso-8859-1"
Netbuspro allows remote control of another computer. Data can be fully
manipulated when the host system (your "infected" system) is connected
to a TCP/IP network.
Because the software-developer of this product started marketing this as
a professional remote-access tool, he objected to our calling this a
trojan, so we had to remove "easy" detection. In truth, the Netbuspro
package can be useful to someone, but we've had numerous complaints of
this being "snuck" into other peoples systems for less than honorable
Though we had detection of this in previous DAT files, on legal advice
it had to be removed from regular detection and hidden by the expert
Run the command-line VirusScan with the /!GURU option to detect on
demand. It will not be put in the regular DAT set. The /!GURU option
will allow you to make sure you've removed this trojan from your system.
Virus Research Analyst
A division of Network Associates, Inc.
From: Spence, Judd [mailto:SpenceJ@]
Sent: Tuesday, May 16, 2000 7:46 AM
Subject: NetBus Pro
Can anyone confirm that NAI is no longer detecting NetBus Pro ?If so, why