Tech moves fast! Stay ahead of the curve with Techopedia!
Join nearly 200,000 subscribers who receive actionable tech insights from Techopedia.
Netbus is malware or, more specifically a Trojan, that was designed to remotely control Microsoft Windows applications over a network. The software is controversial because it can be used as a way to trigger unauthorized access to a remote computer for malicious purposes. Netbus was designed to work on Windows 95, Windows 98, Windows ME and Windows NT 4.0 operating systems.
Netbus has the ability to gain control of keystroke logging and injections, shut systems down, and perform screen captures. It can also be used to browse files, execute or delete file, open and close a computer's CD tray, format drives, and even create booting issues. It functions primarily through ".exe" files.
Netbus may also be known as Patch.exe or SysEdit.exe.
Netbus consists of a server program as well as a client program. The server version is installed on the victims' system, while the client version is installed on the systems used by the intruders. In addition, Netbus is able to randomly locate the systems that have an active Netbus server installed on them.
Netbus was developed by Swedish computer programmer Carl-Fredrik Neikter, who claimed to have developed it primarily for pulling computer pranks. Even so, Netbus has been notoriously abused for various malicious purposes. For example, in 1999, attackers used Netbus to plant child pornography on a law scholar's work computer at Lund University. Around 3,500 images were downloaded to the victim's computer, which was later discovered by the system administrators. As a result, the law scholar lost his research position at the institution, and had to flee from the country. In 2004, he was exonerated when the court found out that Netbus was used to carry out these illegal downloads.
Netbus functions more or less the same way as Back Orifice, another controversial software designed for remote system administration. It emerged in the lat '90s, when Netbus was already widely implemented.
The Netbus infection can be identified by verifying the Windows registry. If infected, Netbus can be removed either by using malware or spyware removal applications, or by manually deleting its entries in Windows registry.