Information, Computer and Network Security Terms Glossary and
Netbus is a software program for remotely controlling a Microsoft Windows computer system over a network. It was created in 1998 and has been very controversial for its potential of being used as a backdoor. There are two components in the Netbus client-server architecture. The server must be installed and run on the computer that should be remotely controlled. Common names were "Patch.exe" and "SysEdit.exe". When started for the first time, the server would install itself on the host computer, including modifying the Windows registry so that it starts automatically on each system startup. The server is a faceless process listening for connections on port 12345 and port 12346 is also used. The client was a separate program presenting a graphical user interface that allowed the user to perform a number of activities on the remote computer such as Keystroke logging, Keystroke injection, Screen captures, Program launching, File browsing, Shutting down the system, Opening / closing CD-tray, Tunneling NetBus connections through a number of systems, etc.