Netbus Trojan

Netbus Trojan, more frequently referred to as Netbus, is one of the most dangerous and readily available pieces of malware on the Internet. Anyone can find Netbus and download it. If you leave your computer unprotected, Netbus can do amazingly extensive damage to your computer and to your privacy. Essentially, Netbus allows a remote hacker to enter your computer, make it do literally anything they want, and take any information from it that they want. With Netbus, a complete stranger can do anything with your computer that you can do, and that is no exaggeration.

How Netbus Spreads and What It Does

To be clear, Netbus is not a virus, because Netbus can't spread on its own. Netbus must be installed by the user of the infected computer. Netbus is called a Trojan, because in order to get the victim to install the malware, Netbus is usually disguised as something else. Usually this something else is an application of some kind, and one of the most famous variants of Netbus uses a Whack-a-mole game as a disguise. So in other words, you can't wind up with Netbus on your computer unless you execute its file, although the file will not come out and say that it is Netbus.

The other component of Netbus is the server side, or the controller side. The hacker, or whoever is behind the installation of Netbus on some remote computer, uses this component to control the victim computer and to record and take information from the victim computer. The server side of Netbus has a graphical user interface – a screen with buttons, options, etc. – that makes it extremely simple to use. This interface also makes it very easy to see the information stolen from the victim computer. From this interface, the controller can run programs or stop them, open and close windows, look at files, log keystrokes, take screen shots, open the CD tray, swap the mouse buttons, edit the registry, change the Internet settings, plant files on the computer, inject keystrokes, print documents, prevent certain keys on the keyboard from working (or the whole keyboard), change the wallpaper, change the volume, and turn off the speakers. That's not a complete list, either.

Netbus hides itself among the system files on the affected computer, often taking a name like "Patch.exe," or even "Msconfig.exe" in order to make itself look like something else. Netbus is also capable of preventing you from accessing its files in order to delete them. Netbus is invisible on the infected computer when Netbus runs, and it runs every time Windows starts. The average computer user will not notice any symptoms at all. However, more experienced users can check for activity on ports 12345 and 12346, which are frequently used by Netbus. What this means is that even if you go looking for proof of Netbus, you may not find Netbus without help.
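As an added example (not part of the original article), the port check mentioned above can be run against the output of Windows `netstat -ano`. The sample output, addresses and PIDs below are constructed, and the function names are illustrative.

```python
# Ports the article names as frequently used by Netbus.
NETBUS_PORTS = {12345, 12346}

# Constructed sample of Windows `netstat -ano` output (not from a real host).
SAMPLE_NETSTAT = """\
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       904
  TCP    0.0.0.0:12345          0.0.0.0:0              LISTENING       2212
  TCP    192.168.1.20:12345     203.0.113.7:50311      ESTABLISHED     2212
  TCP    192.168.1.20:49712     198.51.100.9:443       ESTABLISHED     3380
  TCP    [::]:12346             [::]:0                 LISTENING       2212
  UDP    0.0.0.0:5353           *:*                                    1500
"""


def split_endpoint(endpoint):
    """Split 'addr:port' (IPv4 or bracketed IPv6) into (addr, port or None)."""
    addr, _, port = endpoint.rpartition(":")
    return addr, int(port) if port.isdigit() else None


def find_netbus_port_activity(netstat_text, ports=NETBUS_PORTS):
    """Return TCP rows whose LOCAL port is one of `ports`.

    A match is a lead, not proof: other software can use these ports, so the
    owning PID should be looked up (for example with `tasklist`) before
    drawing conclusions.
    """
    hits = []
    for line in netstat_text.splitlines():
        fields = line.split()
        # TCP rows have exactly five columns; headers and UDP rows do not.
        if len(fields) != 5 or fields[0] != "TCP":
            continue
        _, local, remote, state, pid = fields
        _, local_port = split_endpoint(local)
        if local_port in ports:
            hits.append({"local": local, "remote": remote,
                         "state": state, "pid": int(pid)})
    return hits


if __name__ == "__main__":
    for hit in find_netbus_port_activity(SAMPLE_NETSTAT):
        print(f"{hit['state']:<12} {hit['local']:<22} <- {hit['remote']:<22} PID {hit['pid']}")
```

On a live system, pass the text captured from `netstat -ano` to `find_netbus_port_activity` instead of the constructed sample.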

Netbus Background and How You Should Handle It

One of the interesting facts about Netbus is that its history and the name of its creator are widely and publicly known. Netbus was created in 1998 by a Swedish programmer named Carl-Fredrik Neikter, who openly announced that he had written Netbus and who claimed that Netbus was only ever intended to be used for pranks. Regardless of what Neikter's intentions may have been, Netbus quickly spread and became very widely used malware. The people using Netbus developed it into even more dangerous malware over time. Oddly enough, in 1999, Netbus was commercially released as Netbus 2.0 and marketed to businesses as a useful tool for controlling computers remotely. Given that the various versions of Netbus appeared in 1998 and 1999, Netbus was originally intended to work on Windows 95, 98, and ME, but Netbus does work on XP, which makes Netbus a persistent threat.

Netbus has several variants that go by release numbers, like 1.5, 1.7, etc. – but there are also related malicious programs that have more memorable names, such as Back Orifice and Whack-a-mole. All of these should be considered dangerous. Proper protection of your PC is extremely important in preventing your computer from being infected with Netbus, although it also helps to make sure that you don't run executable files from unknown sources. Netbus must be treated with extreme caution, because, in the wrong hands, Netbus can be used to ruin lives. Netbus has been used that way before.

File System Details

Netbus Trojan may create the following file(s):
# File Name Detections
1. netbusfucker.exe
