NetBus

NetBus is a software program developed in early 1998 by Swedish programmer Carl-Fredrik Neikter, designed to enable remote control of Microsoft Windows computer systems over a TCP/IP network through a client-server architecture. The tool consists of a server component, typically named Patch.exe, which installs on the target machine and runs invisibly in the background, auto-starting via registry entries, while the client application allows the operator to connect using the target's IP address or hostname.

Originally created using Borland's Delphi programming language over a few weeks, NetBus was intended by its author for playful interactions with friends and legitimate network administration tasks, with Neikter surprised by its rapid popularity following the release of version 1.70 on November 14, 1998. Early versions (1.2 through 1.7) were widely regarded as Trojan horses due to their ease of covert installation and potential for unauthorized access, often detectable by antivirus software like McAfee and Norton. Later iterations, such as versions 2.0 and 2.1, were marketed as valid remote administration tools with enhanced features, though they retained backdoor capabilities that raised ongoing security concerns.

Key features of NetBus include remote file management (uploading, downloading, and deleting files), keylogging, screen capturing, webcam access, registry editing, and even playful functions like opening the CD-ROM tray or manipulating mouse movements, totaling up to 21 control options in some versions. It operates primarily on port 20034 by default (configurable), making it identifiable through tools like netstat or registry scans under keys such as HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run. Despite its legitimate origins, NetBus contributed to early cybersecurity awareness in the late 1990s, alongside tools like Back Orifice, by highlighting risks of remote access software when misused for data theft, , or network disruption.

History and Development

Origins and Creation

NetBus was developed by Carl-Fredrik Neikter, a Swedish programmer specializing in Windows applications using Borland's Delphi programming language. Neikter created the software in March 1998 over a period of a few weeks, initially as a straightforward tool for remote computer access. The program's original name was NetPrank, reflecting its Swedish roots and intended purpose as a lighthearted utility for harmless pranks among friends.

Neikter designed it not for malicious exploitation but for amusement and basic network administration, allowing users to remotely interact with others' systems in a playful manner. He later emphasized in interviews that the tool was meant to enable fun interactions while also serving network administrators, without inspiration from prior similar software.

In the late 1990s Windows ecosystem, NetBus emerged amid growing adoption and nascent network connectivity, prioritizing ease of use for non-expert individuals over complex configurations. This simplicity distinguished it from more technically demanding tools, and its release predated notable contemporaries like Back Orifice, which debuted in August 1998.

Initial Release and Early Adoption

NetBus was first publicly released in March 1998 by its developer, Carl-Fredrik Neikter, as a tool targeted at Windows systems. The initial version, 1.2, was distributed through online channels, including personal web pages and emerging forums, without any structured marketing or official distribution network. This grassroots dissemination allowed it to circulate rapidly among early users, particularly in and enthusiast circles, where it was shared as an experimental utility for network experimentation.

The program's appeal stemmed from its simplicity and novelty, quickly attracting adoption by script kiddies and hobbyists, many of whom were teenagers experimenting with computing in the late 1990s. Neikter originally conceived NetBus (whose name translates from Swedish as "NetPrank") for lighthearted pranks among friends, such as manipulating mouse movements or opening CD-ROM drives on networked machines. However, its ease of use and lack of built-in safeguards led to widespread downloads and informal sharing across repositories and systems, fostering a spread in communities despite the absence of promotional efforts.

The server component of the initial release, typically deployed as an executable named "patch.exe", was lightweight and easy to transfer via dial-up connections prevalent at the time. This unassuming package enabled quick proliferation, with users often disguising it to evade detection during installation on target systems, further accelerating its uptake among pranksters and novice intruders in hacker forums.

Technical Architecture

Client-Server Design

NetBus operates on a client-server model, where the server, often disguised with innocuous names like "patch.exe", is deployed on the target machine and executes silently as a background process without user notification. This component establishes a persistent listener on the infected system, facilitating unauthorized access over a local or wide-area network. The client application, featuring a graphical user interface, allows the remote operator to initiate connections using TCP/IP, authenticating via a simple password mechanism before issuing commands to the server. This enables seamless interaction between the operator's machine and the target, mimicking legitimate tools while lacking built-in security protocols.

Communication in NetBus relies on predefined ports for distinct functions: port 12345 serves as the primary channel for commands, such as keystroke interception and screen capture initiation, while port 12346 handles operations between client and server. The NetBus Pro variant uses port 20034 as the primary port, supporting advanced interactions like functionality and process manipulation, with port configurability added in version 1.7 and later to bypass restrictions. These ports operate over TCP, ensuring reliable, connection-oriented data exchange, though early versions also supported UDP on the same numbers for certain broadcasts.

Designed initially for consumer-grade systems, NetBus demonstrates primary compatibility with Windows 95 and Windows 98, leveraging their for low-level system hooks and network operations. Later iterations, including version 1.70 and the Pro edition, extended functionality to Windows NT, 2000, and XP, accommodating the evolving Windows kernel while maintaining persistence through registry modifications. This progression allowed NetBus to persist as a across multiple Windows generations until antivirus mitigations rendered it obsolete.

Installation Mechanisms

NetBus primarily relies on social engineering tactics to initiate on target systems, as it lacks built-in capabilities for remote deployment without prior access. The server component, typically distributed as a standalone file such as PATCH.EXE in version 1.60, is disguised to appear as innocuous software like games, system patches, or utilities to entice users into execution. Attackers often deliver these files via email attachments, sometimes zipped to evade basic antivirus detection, accompanied by deceptive messages promising fixes or , such as an AutoCAD update that prompted responses from 50% of recipients in one documented case.

Upon user-initiated execution, the NetBus server installs itself into the Windows system directory and establishes persistence by modifying the Windows registry. Specifically, it adds an entry to the Run key at HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run, ensuring the server launches automatically with each system reboot. This mechanism allows the server to remain active without further user intervention, listening for incoming connections on designated ports.

Initial access depends entirely on the victim's interaction, with no native support for silent or remote installation in early versions, underscoring the tool's dependence on tricking users rather than exploiting vulnerabilities. Icons for the server can be easily customized using tools to further mask its malicious nature, enhancing the effectiveness of social engineering efforts.

Core Features

Remote Control Functions

NetBus provided users with the ability to remotely manipulate the mouse and keyboard on the target system, enabling real-time navigation and input simulation as if operating the machine directly. Through the client interface, the remote operator could move the mouse cursor to specified coordinates, swap left and right mouse buttons to disorient the user, and simulate clicks or drags to interact with applications and the desktop environment. Similarly, keyboard controls allowed the transmission of keystrokes to the active window, facilitating the entry of commands or text remotely, while features like blocking specific keys prevented local interference during sessions. These functions operated over the client-server architecture, where the server on the target machine relayed inputs to the operating system without requiring additional authentication once installed.

A key visual monitoring capability was screen capture and viewing, which allowed the remote client to obtain or periodic snapshots of the target's for . This feature displayed the captured images in the client application, providing a graphical overview of ongoing activities, such as open windows or user interactions, to guide further remote inputs. Screen dumps could be requested or at intervals, ensuring the operator maintained without direct physical access. In practice, this functionality was essential for tasks requiring visual feedback, like or unauthorized , and was limited to bitmap-style captures due to the software's era-specific constraints.

Basic system commands further extended by allowing execution of low-level operations on the target machine. Operators could initiate shutdown, restart, or logoff procedures to disrupt or reset the system remotely, as well as power off the computer if supported it. Another notable command involved toggling the CD-ROM tray, which could be opened or closed once or repeatedly at set intervals, often used for pranks or to interfere with local access. Additionally, the client permitted launching specified applications by providing their full path, enabling the remote starting of programs without intervention. These commands were issued via simple button presses in the client , translating to direct calls on the server side for immediate effect.

Monitoring and Manipulation Tools

NetBus provided several tools for monitoring user activity and manipulating the target system's data, enabling attackers to extract sensitive information and alter files without direct user interaction. One key feature was keylogging, which captured all typed input on the infected machine, including passwords and other credentials, by listening for keystrokes and saving them to a log file for later retrieval. This capability allowed remote operators to monitor ongoing activities stealthily, facilitating unauthorized access to accounts or data entry processes. Later versions, such as NetBus 2.1, included webcam access, allowing the remote operator to view live feeds from the target's for visual .

In terms of manipulation, NetBus supported comprehensive access to the target's storage, including browsing directories to view file structures, uploading arbitrary files to the system or updating the NetBus server component itself, downloading files for , and deleting items to cover tracks or disrupt operations. These functions operated through the client-server architecture, where the remote user could navigate and modify the filesystem as if locally present, posing significant risks for data theft or . For instance, an attacker could systematically extract documents or erase evidence of intrusion. NetBus also featured registry editing capabilities in later versions, enabling remote modification of entries for persistence, changes, or further system compromise.

Versions and Evolution

Early Iterations

NetBus's initial release, version 1.0, debuted in March 1998, developed by Swedish programmer Carl-Fredrik Neikter as a tool primarily intended for pranks and remote experimentation on Windows systems. This version focused on basic capabilities, such as opening the CD-ROM tray, playing sounds, and simple screen interactions, targeted at Windows 95 and 98 environments where network connectivity was increasingly common among home users. Its lightweight design emphasized ease of installation via disguised executables, but lacked advanced options, making it straightforward yet limited in scope.

Subsequent iterations rapidly evolved the software's functionality throughout 1998, culminating in version 1.70 in November 1998. Version 1.60 introduced expanded features including application launching, screen captures, file transfers and deletions, CD-ROM ejection, navigation, keystroke interception and playback, manipulation, and audio recording from the microphone, enhancing its utility for both playful and intrusive remote access. This build maintained compatibility with Windows 95 and NT 4.0, using fixed TCP/UDP ports 12345 and 12346 for communication, while the protocol's simplicity enabled community-developed clients, such as a UNIX-compatible version for version 1.60, broadening potential controller platforms beyond Windows. These additions shifted NetBus from mere novelty toward a more versatile prototype, though it remained centered on consumer-grade Windows setups.

Version 1.70 built on its predecessor with key improvements including an integrated ultra-fast port scanner, port redirection for traffic tunneling, configurable server ports with notifications on startup, and application redirection to activities, providing minor enhancements that reduced detectability compared to earlier fixed-port designs. These updates refined the tool's reliability without altering its core Windows-centric , prioritizing incremental stability over radical redesign.

Community modifications further extended NetBus's reach during this period, with developers creating variants to address platform limitations. A notable example is NIL (NetBus Interface for Linux) version 0.1b, a simple client released in May 1999 that offered a clean graphical interface for interacting with NetBus 1.60 servers, demonstrating the open protocol's adaptability despite the software's primary focus on Windows hosts. Such efforts highlighted early grassroots interest but did not shift the tool's fundamental orientation toward ecosystems.

Commercial Pro Version

In February 1999, Carl-Fredrik Neikter released NetBus 2.0 as a shareware product, with version 2.01 serving as the stable iteration, marking a pivot from its earlier roots to a monetized tool intended for legitimate remote administration. This version was distributed via websites, encouraging user registration for full access while allowing free initial use, and included restrictions on commercial redistribution without permission. Unlike prior iterations, NetBus 2.0 emphasized reduced stealth by default, such as visible installation notifications, to align with ethical remote management practices rather than covert exploitation.

Key enhancements in NetBus 2.0 Pro focused on usability and security for authorized users, including an improved graphical user interface (GUI) for easier navigation and control. It introduced password protection and encryption for client-server communications to prevent unauthorized , alongside multi-user support that enabled a single client to manage multiple server instances simultaneously. Additional features comprised script scheduling on remote hosts, plugin extensibility for tasks like file searching, and capabilities such as capturing video or retrieving cached passwords, all configurable via port 20034. A further update, NetBus 2.1, enhanced the Pro version with an improved interface featuring pull-down menus, along with advanced administrative tools including net cam viewing, keyboard logging, screen dumping, IP range scanning, scripting, broadcast sending, registry management, and expanded file management.

Neikter positioned NetBus 2.0 as a professional and monitoring tool amid increasing scrutiny over its potential for misuse, providing contact details for commercial licensing inquiries to further legitimize its distribution. This approach aimed to differentiate it from hacking variants by promoting transparent, consent-based deployment on Windows 95/98 and NT4 systems requiring TCP/IP support.

Notable Incidents

Key Exploitation Cases

One of the most notorious exploitation cases involving NetBus occurred in 1999 at in , where an attacker remotely accessed the computer of law professor using the tool to plant approximately 3,500 images on his system. This incident led to Eriksson's immediate dismissal from his research position, a significant media scandal, and his temporary relocation abroad for medical treatment amid severe personal distress. Eriksson was falsely accused of possession and faced criminal charges, but he was fully acquitted in late 2004 after forensic analysis confirmed the files were uploaded via unauthorized remote access through NetBus, exonerating him as a victim of malicious tampering.

Throughout the late 1990s and early 2000s, NetBus was frequently employed by script kiddies (inexperienced hackers relying on pre-built tools) for various pranks and petty thefts on personal computers. These misuse cases often involved simple disruptions, such as remotely manipulating mouse cursors, altering desktop settings, or repeatedly ejecting CD-ROM drives to harass users, typically among peers in online communities or local networks. More seriously, attackers leveraged NetBus's file management features to exfiltrate , including documents and media from infected home systems, leading to privacy breaches and occasional identity-related incidents among amateur users.

NetBus also played a role in early forms of during this era, particularly through unauthorized intrusions into school and home networks to intimidate or embarrass targets. Script kiddies often targeted classmates or family members by remotely activating webcams for , sending fake messages, or deleting files to cause distress, exemplifying how the tool facilitated before widespread awareness of digital boundaries. Such incidents highlighted NetBus's ease of deployment in conflicts, contributing to its reputation as a gateway for novice malicious activities in unsecured environments.

Societal and Security Impact

NetBus played a pivotal role in heightening early awareness of remote access threats during the late 1990s, as one of the first widely disseminated tools capable of unauthorized system control, which spurred antivirus vendors to enhance detection mechanisms for trojan-like software. By 1999, companies such as () and had implemented specific signatures to flag NetBus installations, treating it as a potential due to its origins in communities and ease of misuse, thereby influencing the evolution of scanning protocols at a time when was rapidly expanding. This development contributed to broader cybersecurity practices, including user education on social engineering risks and the adoption of intrusion detection tools to monitor unauthorized network access.

The tool's misuse inflicted significant harm on victims, including psychological distress from intrusive pranks, such as unauthorized file manipulation or screen takeovers, that eroded personal privacy and fostered about digital security. For instance, in a notable 1999 incident at , a law professor was framed with illicit images via NetBus, resulting in job loss, social ostracism, and long-term emotional trauma, as he later described the irrecoverable "lost years" of his life. Financial repercussions arose from theft enabled by the software's capabilities, leading to potential identity compromise or recovery costs, while repeated incidents diminished trust in shared networks, prompting users and organizations to invest in more secure alternatives.

NetBus significantly popularized the concept of "Trojan horses" among non-experts, as its deceptive installation, often disguised in innocuous files like games, exemplified how seemingly harmless software could enable remote exploitation, a amplified by coverage of its spread. By 2000, reports indicated thousands of infections worldwide since its 1998 release, underscoring its role in demystifying risks for the general public and accelerating discussions on ethical . This visibility helped shift public perception toward viewing remote access tools with suspicion, influencing ongoing debates about the blurred line between legitimate administration utilities and malicious backdoors.

Classification as Malware

NetBus was classified as a Trojan horse by major antivirus vendors, including and (), starting from its initial release in 1998, primarily due to its deceptive methods and for unauthorized remote without . This categorization stemmed from NetBus's ability to masquerade as innocuous software while enabling attackers to perform actions such as , file manipulation, and system control, often installed via social engineering tactics like disguised email attachments.

Although NetBus was distributed under a shareware license, which positioned it as a legitimate tool, its inherent characteristics, such as running hidden processes and evading detection through registry modifications, led to widespread blacklisting by security software. The conflict arose because, despite claims of commercial utility, features like invisible operation and lack of prominent user notifications aligned it with behavior rather than benign utilities, prompting antivirus firms to prioritize user protection over the software's intended model.

Detection signatures for NetBus were developed and implemented by antivirus vendors beginning with version 1.2, targeting its server executable and associated network ports (e.g., TCP/UDP 12345). For the commercial version (e.g., 2.0 and 2.1), developers sought exemptions by arguing its legitimate remote monitoring applications, but no universal official exemption was granted across the industry; while McAfee ceased detection in 2000 following advocacy from the Pro version's distributor, other vendors like maintained classifications and signatures due to ongoing abuse potential and stealth elements. This selective approach highlighted the tension between commercial intent and security risks, with Pro versions retaining blacklist status in many products.

Consequences for Users and Developers

The author of NetBus, Carl-Fredrik Neikter, encountered no significant legal charges related to the software's or distribution. Neikter maintained that NetBus was designed as a legitimate tool for educational and administrative purposes, emphasizing that its misuse stemmed from user intent rather than inherent malice in the program. This position fueled broader ethical discussions on accountability for dual-use technologies, where tools intended for benign applications are repurposed for harm, highlighting tensions between and potential .

Misuse of NetBus by users often resulted in legal scrutiny and consequences, particularly in cases involving unauthorized access and criminal activities. In a prominent 1999 incident at in , unknown perpetrators exploited NetBus to remotely upload over 12,000 pornographic images, including approximately 3,500 instances of , onto the computer of law professor . This led to Eriksson's initial accusation of and , job loss, public humiliation, and prolonged personal hardship, including relocation abroad and health issues; he was ultimately acquitted in 2004 after forensic evidence confirmed unauthorized access of his system. Although the attackers evaded identification and prosecution in this case, it exemplified how NetBus facilitated severe ethical violations, with debates centering on whether such tools should carry stricter usage warnings or restrictions to prevent framing and distribution of illicit materials.

Legacy and Modern Context

Influence on Subsequent Tools

NetBus, released in 1998, served as a foundational precursor to later remote access trojans (RATs) by popularizing the client-server model for unauthorized within hacker communities. Its straightforward implementation, which allowed remote users to manipulate files, capture screenshots, and execute commands on Windows systems, demonstrated the feasibility of such tools for both pranks and malicious exploitation, inspiring subsequent developments like SubSeven in 1999. SubSeven, developed by Mobman, echoed NetBus in functionality while expanding features such as keylogging and password theft, and its name was reportedly derived as an inversion of "NetBus," highlighting direct conceptual lineage. Similarly, Back Orifice 2000 (BO2K), released in 1999 by the Cult of the Dead Cow, built on the remote control paradigms established by NetBus and its contemporaries, incorporating UDP-based communication to address perceived limitations in earlier TCP-reliant tools like NetBus.

The tool's influence extended to legitimate remote administration software, where its dual-use nature, as both a prank utility and a basic admin tool, underscored the need for secure, consent-based alternatives. NetBus's creator, Carl-Fredrik Neikter, marketed later versions like NetBus 2.1 Pro as commercial solutions with graphical interfaces and support, influencing the design of enterprise-grade tools that prioritized and to mitigate abuse risks. Early variants of protocols like Virtual Network Computing (VNC), developed concurrently in 1998, benefited indirectly from the awareness raised by NetBus incidents, prompting enhancements in security features such as encrypted sessions to prevent unauthorized access in legitimate deployments. This shift emphasized controlled remote management for IT support, distinguishing ethical tools from their malicious counterparts.

NetBus significantly contributed to the malware arms race of the late 1990s and early 2000s by exposing vulnerabilities in unencrypted, easily detectable remote protocols, thereby driving innovations in evasion and persistence among descendants. Its proprietary but rudimentary encryption and fixed port usage (e.g., TCP 20034) were quickly analyzed and bypassed, prompting later RATs like BO2K to adopt stronger mechanisms, including XOR-based encryption with dynamic keys and multi-protocol support (TCP/UDP). SubSeven further escalated this evolution through rapid versioning (over 12 releases by 2002), adding polymorphic elements and diverse commands to evade signature-based detection, a direct response to the scrutiny NetBus attracted from antivirus vendors. These advancements in modern RAT lineages, such as improved stealth and modularity, trace back to NetBus's role in normalizing remote exploitation as a core cyber threat vector.

Detection and Mitigation Today

In contemporary cybersecurity practices, modern antivirus software detects NetBus remnants primarily through signature-based scanning targeting its executable files and associated behaviors, such as unauthorized remote access attempts. For instance, identifies NetBus as a classic capable of , flagging it during full scans to remove infections without . Similarly, intrusion prevention systems like those from monitor traffic on ports associated with NetBus, such as 12345 and 12346 for early versions or 20034 for later versions like 2.1, alerting on patterns indicative of NetBus responses or client queries, which helps in early of potential compromises. Behavioral analysis in endpoint detection and response (EDR) tools further enhances detection by profiling RAT-like activities, such as anomalous network connections or process injections, even if the has been modified.

Mitigation strategies emphasize preventive measures to block NetBus exploitation. Firewalls configured to restrict inbound traffic on NetBus-associated ports, including 12345, 12346, and 20034, effectively prevent unauthorized access, a standard recommendation in guidelines. User education plays a role, advising against executing suspicious files disguised as games or utilities, as NetBus historically spread via social engineering. Regular system scans using reputable tools like or Symantec's products ensure thorough removal of any lingering components, with automated updates maintaining efficacy against known variants.

As of 2025, NetBus infections are exceedingly rare in the wild, largely due to its incompatibility with modern Windows versions beyond XP, which receive no security support, rendering it obsolete for targeting current systems. However, archived samples and emulated environments in vintage computing setups, such as retro or historical , pose residual risks, where legacy operating systems lack built-in protections, potentially exposing isolated networks to if connected online. Organizations handling such heritage systems should isolate them via air-gapping or virtual machines to minimize threats.
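
The netstat and Run-key checks described in this article can be combined into a small triage script. The following is an added example, not code from NetBus or from any vendor: it parses saved text output of `netstat -ano` and `reg query` (English-locale Windows output is assumed), and the sample inputs, function names and value names are constructed for illustration.

```python
import re
from ntpath import basename  # Windows path rules, usable on any host OS

# Ports this article associates with NetBus. They are configurable from 1.7 on,
# so a match is a lead to investigate, and no match proves nothing.
NETBUS_PORTS = {
    12345: "NetBus 1.x primary (commands)",
    12346: "NetBus 1.x secondary",
    20034: "NetBus Pro primary",
}
SERVER_NAMES = {"patch.exe"}  # typical server file name per the article

REG_VALUE = re.compile(r"^\s+(?P<name>.+?)\s+REG_(?:EXPAND_)?SZ\s+(?P<data>.*)$")
UNQUOTED_IMAGE = re.compile(r"(.+?\.(?:exe|com|scr|pif|bat|cmd))(?:\s|$)", re.I)


def netbus_port_hits(netstat_text):
    """Return sorted (port, local_host, state, pid) for TCP rows on NetBus ports."""
    hits = []
    for line in netstat_text.splitlines():
        fields = line.split()
        if len(fields) < 4 or fields[0].upper() != "TCP":
            continue  # headers, blank lines and UDP rows (which have no state)
        state = fields[3].upper()
        if state not in ("LISTENING", "ESTABLISHED"):
            continue
        # rpartition keeps bracketed IPv6 hosts such as "[::]" intact
        host, _, port = fields[1].rpartition(":")
        if port.isdigit() and int(port) in NETBUS_PORTS:
            pid = fields[4] if len(fields) > 4 else "?"
            hits.append((int(port), host, state, pid))
    return sorted(hits)


def command_image(data):
    """Extract the executable path from a Run value, honouring quotes and arguments."""
    data = data.strip()
    if data.startswith('"'):
        end = data.find('"', 1)
        return data[1:end] if end != -1 else data[1:]
    match = UNQUOTED_IMAGE.match(data)
    if match:
        return match.group(1)
    return data.split()[0] if data else ""


def suspicious_run_entries(reg_text):
    """Return (value_name, image_path) for Run values whose file name is a known server name."""
    hits = []
    for line in reg_text.splitlines():
        match = REG_VALUE.match(line)
        if not match:
            continue  # key header or blank line
        image = command_image(match.group("data"))
        if basename(image).lower() in SERVER_NAMES:
            hits.append((match.group("name"), image))
    return hits


# Constructed sample of `netstat -ano` output (not captured from a real host).
SAMPLE_NETSTAT = """
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       884
  TCP    0.0.0.0:12345          0.0.0.0:0              LISTENING       1432
  TCP    0.0.0.0:12346          0.0.0.0:0              LISTENING       1432
  TCP    192.168.1.20:49771     203.0.113.7:443        ESTABLISHED     5120
  TCP    [::]:20034             [::]:0                 LISTENING       2208
  UDP    0.0.0.0:12345          *:*                                    1432
"""

# Constructed sample of `reg query HKLM\Software\Microsoft\Windows\CurrentVersion\Run`.
SAMPLE_RUN_KEY = r"""
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
    SystemTray    REG_SZ    SysTray.Exe
    Updater Service    REG_SZ    "C:\Program Files\Updater\patchnotes.exe" /background
    PATCH    REG_SZ    C:\WINDOWS\Patch.exe
"""

if __name__ == "__main__":
    for port, host, state, pid in netbus_port_hits(SAMPLE_NETSTAT):
        print(f"port {port} ({NETBUS_PORTS[port]}) {state} on {host}, PID {pid}")
    for name, image in suspicious_run_entries(SAMPLE_RUN_KEY):
        print(f"Run value {name!r} starts {image}")
```

Because the server can be renamed and its port reconfigured, a clean result from both checks does not clear a host; hits are a starting point for signature-based scanning.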
