NetBus or Netbus is a software program for remotely controlling a
Microsoft Windows
Windows is a group of several proprietary graphical operating system families developed and marketed by Microsoft. Each family caters to a certain sector of the computing industry. For example, Windows NT for consumers, Windows Server for serv ...
computer system over a network. It was created in 1998 and has been very controversial for its potential of being used as a
trojan horse
The Trojan Horse was a wooden horse said to have been used by the Greeks during the Trojan War to enter the city of Troy and win the war. The Trojan Horse is not mentioned in Homer's ''Iliad'', with the poem ending before the war is concluded, ...
.
NetBus was written in
Delphi
Delphi (; ), in legend previously called Pytho (Πυθώ), in ancient times was a sacred precinct that served as the seat of Pythia, the major oracle who was consulted about important decisions throughout the ancient classical world. The oracle ...
by Carl-Fredrik Neikter, a Swedish programmer in March 1998. It was in wide circulation before
Back Orifice
Back Orifice (often shortened to BO) is a computer program designed for remote system administration. It enables a user to control a computer running the Microsoft Windows operating system from a remote location.Richtel, Matt.Hacker Group Say ...
was released, in August 1998. The author claimed that the program was meant to be used for
pranks
A practical joke, or prank, is a mischievous trick played on someone, generally causing the victim to experience embarrassment, perplexity, confusion, or discomfort.Marsh, Moira. 2015. ''Practically Joking''. Logan: Utah State University Press. ...
, not for illegally breaking into computer systems. Translated from
Swedish
Swedish or ' may refer to:
Anything from or related to Sweden, a country in Northern Europe. Or, specifically:
* Swedish language, a North Germanic language spoken primarily in Sweden and Finland
** Swedish alphabet, the official alphabet used by ...
, the name means "NetPrank".
However, use of NetBus has had serious consequences. In 1999, NetBus was used to plant
child pornography
Child pornography (also called CP, child sexual abuse material, CSAM, child porn, or kiddie porn) is pornography that unlawfully exploits children for sexual stimulation. It may be produced with the direct involvement or sexual assault of a chi ...
on the work computer of a law scholar at
Lund University
, motto = Ad utrumque
, mottoeng = Prepared for both
, established =
, type = Public research university
, budget = SEK 9 billion client–server architecture. The
server
Server may refer to:
Computing
*Server (computing), a computer program or a device that provides functionality for other programs or devices, called clients
Role
* Waiting staff, those who work at a restaurant or a bar attending customers and su ...
must be installed and run on the computer that should be remotely controlled. It was an
.exe
.exe is a common filename extension denoting an executable file (the main execution point of a computer program) for Microsoft Windows, OS/2, and DOS.
File formats
There are numerous file formats which may be used by a file with a extensi ...
file with a file size of almost 500 KB. The name and icon varied a lot from version to version. Common names were "Patch.exe" and "SysEdit.exe". When started for the first time, the server would install itself on the host computer, including modifying the Windows registry so that it starts automatically on each system startup. The server is a faceless process listening for connections on
port
A port is a maritime facility comprising one or more wharves or loading areas, where ships load and discharge cargo and passengers. Although usually situated on a sea coast or estuary, ports can also be found far inland, such as Ham ...
12345 (in some versions, the port number can be adjusted). Port 12346 is used for some tasks, as well as port 20034.
The client was a separate program presenting a
graphical user interface
The GUI ( "UI" by itself is still usually pronounced . or ), graphical user interface, is a form of user interface that allows users to interact with electronic devices through graphical icons and audio indicator such as primary notation, inste ...
that allowed the user to perform a number of activities on the remote computer. Examples of its capabilities:
* Keystroke logging
* Keystroke injection
* Screen captures
* Program launching
* File browsing
* Shutting down the system
* Opening / closing CD-tray
* Tunneling protocol (NetBus connections through a number of systems.)
The NetBus client was designed to support the following
operating system
An operating system (OS) is system software that manages computer hardware, software resources, and provides common services for computer programs.
Time-sharing operating systems schedule tasks for efficient use of the system and may also in ...
versions:
*
Windows 95
Windows 95 is a consumer-oriented operating system developed by Microsoft as part of its Windows 9x family of operating systems. The first operating system in the 9x family, it is the successor to Windows 3.1x, and was released to manufacturin ...
*
Windows 98
Windows 98 is a consumer-oriented operating system developed by Microsoft as part of its Windows 9x family of Microsoft Windows operating systems. The second operating system in the 9x line, it is the successor to Windows 95, and was released to ...
Windows NT 4.0
Windows NT 4.0 is a major release of the Windows NT operating system developed by Microsoft and oriented towards businesses. It is the direct successor to Windows NT 3.51, which was released to manufacturing on July 31, 1996, and then to retail ...
Netbus client (v1.70) works fine in
Windows 2000
Windows 2000 is a major release of the Windows NT operating system developed by Microsoft and oriented towards businesses. It was the direct successor to Windows NT 4.0, and was Software release life cycle#Release to manufacturing (RTM), releas ...
and in
Windows XP
Windows XP is a major release of Microsoft's Windows NT operating system. It was released to manufacturing on August 24, 2001, and later to retail on October 25, 2001. It is a direct upgrade to its predecessors, Windows 2000 for high-end and ...
as well. Major parts of the protocol, used between the client and server interaction (in version 1.70) are textual. Thus the server can be controlled by typing human understandable commands over a raw TCP connection. It is more difficult than using the client application yet allows one to administrate computers with NetBus from operating environments other than Windows, or when original client is not available. Features (such as screen capture) require an application with ability of accepting binary data, such as netcat. Most of more common protocols (like the
Internet Relay Chat
Internet Relay Chat (IRC) is a text-based chat system for instant messaging. IRC is designed for group communication in discussion forums, called ''channels'', but also allows one-on-one communication via private messages as well as chat and ...
HTTP
The Hypertext Transfer Protocol (HTTP) is an application layer protocol in the Internet protocol suite model for distributed, collaborative, hypermedia information systems. HTTP is the foundation of data communication for the World Wide Web, ...
) can also be used over a raw connections in a similar way.
NetBus 2.0 Pro was released in February 1999. It was marketed commercially as a powerful remote administration tool. It was less stealthy, but special hacked versions exist that make it possible to use it for illegal purposes.
All versions of the program were widely used by "
script kiddies
A script kiddie, skiddie, kiddie, or skid is an unskilled individual who uses scripts or programs developed by others, primarily for malicious purposes.
Characteristics
In a Carnegie Mellon report prepared for the U.K. Department of Defense in 2 ...
" and was popularized by the release of
Back Orifice
Back Orifice (often shortened to BO) is a computer program designed for remote system administration. It enables a user to control a computer running the Microsoft Windows operating system from a remote location.Richtel, Matt.Hacker Group Say ...
. Because of its smaller size, Back Orifice can be used to gain some access to a machine. The attacker can then use Back Orifice to install the NetBus server on the target computer. Most anti-virus programs detect and remove NetBus.