Backdoor.NetBus.A
Threat Scorecard
EnigmaSoft Threat Scorecard
EnigmaSoft Threat Scorecards are assessment reports for different malware threats which have been collected and analyzed by our research team. EnigmaSoft Threat Scorecards evaluate and rank threats using several metrics including real-world and potential risk factors, trends, frequency, prevalence, and persistence. EnigmaSoft Threat Scorecards are updated regularly based on our research data and metrics and are useful for a wide range of computer users, from end users seeking solutions to remove malware from their systems to security experts analyzing threats.
EnigmaSoft Threat Scorecards display a variety of useful information, including:
Ranking: The ranking of a particular threat in EnigmaSoft’s Threat Database.
Severity Level: The determined severity level of an object, represented numerically, based on our risk modeling process and research, as explained in our Threat Assessment Criteria.
Infected Computers: The number of confirmed and suspected cases of a particular threat detected on infected computers as reported by SpyHunter.
See also Threat Assessment Criteria.
Ranking: | 17,032 |
Threat Level: | 60 % (Medium) |
Infected Computers: | 116 |
First Seen: | November 14, 2017 |
Last Seen: | July 5, 2023 |
OS(es) Affected: | Windows |
Backdoor.NetBus.A is a variant of its better-known predecessor and Trojan, Netbus. The original NetBus was created back in 1998 by the Swedish programmer Carl-Fredrik Neikter. The creator intended it as a prank, not as anything with harmful intent, but NetBus is capable of giving remote access to Microsoft Windows-running systems. This led to much controversy, eventually ending up with its classification as a Trojan.
Backdoor.NetBus.A contains a Registry file that modifies the existing Windows Registry. This was a necessary change over previous versions, as NetBus Pro 2.1 was redesigned to be visible by default, which turned it into a remote control software essentially. The Backdoor.NetBus.A variant features alterations that allow it to run in 'stealth mode,' thus giving more options to any attackers using it to monitor and control the affected systems
Versions of NetBus like this one allow attackers to perform several actions, such as opening and closing a CD-ROM, showing images, swapping mouse buttons, starting other applications, playing sounds, controlling the mouse cursor, shutting down Windows, uploading and downloading files, deleting files, Web browsing, keyboard control, disabling keyboard keys and even recording audio via any connected microphones. This gives the attackers full control over the infected systems so that users are advised to remove Backdoor.NetBus.A from their machines as soon as possible.