Wikipedia

NetBus

This is an old revision of this page, as edited by GRider (talk | contribs) at 21:47, 17 November 2004 (sp). The present address (URL) is a permanent link to this revision, which may differ significantly from the current revision.

NetBus or Netbus is a program for remotely controlling a Microsoft Windows computer system over a network. It was created in 1998 and has been very controversial for its potential of being used as a backdoor.

File:NetBus153.png
Screenshot of the server component of NetBus 1.5.3

NetBus was written by Carl-Fredrik Neikter, a Swedish programmer in March 1998. It was in wide circulation before Back Orifice was released, in August 1998. The author claimed that the program was meant to be used for pranks, not for illegally breaking into computer systems. Translated from Swedish, the name means "NetPrank".

There are two components to the client-server architecture. The server must be installed and run on the computer that should be remotely controlled. It was a .exe file with a file size of almost 500 KB. The name and icon varied a lot from version to version. Common names were "Patch.exe" and "SysEdit.exe". When started for the first time, the server would install itself on the host computer, including modifying the Windows registry so that it starts automatically on each system startup. The server is a faceless process listening for connections on port 12345 (in some versions, the port number can be adjusted). Port 12346 is used for some tasks.

The client was a separate program presenting a graphical user interface that allowed the user to perform a number of activities on the remote computer. Examples of its capabilities:

  • Keystroke recording
  • Keystroke injection
  • Screen captures
  • Program launching
  • File browsing
  • Shutting down the system
  • Opening / closing CD-tray
  • Tunneling a NetBus connections through a number of systems

The NetBus client was designed to support the following operating system versions:

NetBus 2.0 Pro was released in February 1999. It was marketed commercially as a powerful remote administration tool. It was less stealthy, but special hacked versions exist that make it possible to use it for illegal purposes.

All versions of the program were widely used by "script kiddies" and was popularized by the release of Back Orifice. Because of its smaller size, Back Orifice can be used to gain some access to a machine. The attacker can then use Back Orifice to install the NetBus client on the target computer. Most anti-virus programs detect and remove NetBus.

Retrieved from "https://en.wikipedia.org/w/index.php?title=NetBus&oldid=7591255"