Event ID - 12345

Port No: 12345
Service Name: NetBus
RFC Doc: 0
Protocol: TCP
Description: NetBus 1.53 was a big step up from version 1.20. This version added uploading/downloading and recording from the server's microphone. NetBus 1.53 servers can be password protected, but they can be remotely changed.
Reference Link: netbus
Attack: Registry: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ Key: What_ever_the_server_is_called

Features:

Capture screen
Change mouse
Change the wave, synth and CD sound balance
Control mouse
Exit windows
Get the user account info
Listen for keystrokes
Open/Close Cd-Rom
Open/Close Cd-Rom in intervals
Play sound
Record from server microphone
Run program
Send message
Send server to URL
Send text
Show image
Swap mouse buttons
Upload/Download file

Fix:
Remove the What_ever_the_server_is_called key in the registry located at HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run, which can be done with regedit or any other registry editing program.
Reboot the computer or close What_ever_the_server_is_called.
Delete the trojan file which is listed in the registry key.
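
Because the Run value name is whatever the server was called, the entry to remove has to be identified before it can be deleted. The following read-only triage script is an added example, not part of the original entry: it lists every value under the Run key named above and flags any whose executable is the process listening on TCP 12345. It assumes an elevated PowerShell session on a Windows version that provides Get-NetTCPConnection; the helper name Get-CommandExecutable is hypothetical.

```powershell
# Added example. Read-only: nothing is deleted or modified.
$Port   = 12345   # NetBus port from this entry
$RunKey = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run'

# Hypothetical helper: pull the executable path out of a Run command line,
# which may be quoted ("C:\x\y.exe" /arg) or unquoted (C:\x\y.exe /arg).
function Get-CommandExecutable([string]$Command) {
    if ($Command -match '^\s*"([^"]+)"')     { return $Matches[1] }
    if ($Command -match '^\s*(.+?\.exe)\b')  { return $Matches[1] }
    return ($Command.Trim() -split '\s+')[0]
}

# Step 1: resolve the executable of any process listening on the port.
$listeners = @(Get-NetTCPConnection -LocalPort $Port -State Listen -ErrorAction SilentlyContinue)
$listenerPaths = @(
    foreach ($l in $listeners) {
        $proc = Get-Process -Id $l.OwningProcess -ErrorAction SilentlyContinue
        if ($proc -and $proc.Path) { $proc.Path }   # Path is empty without admin rights
    }
) | Sort-Object -Unique

# Step 2: enumerate the Run values and compare each target with step 1.
$key = Get-Item -Path $RunKey
$report = foreach ($name in $key.GetValueNames()) {
    $cmd = [string]$key.GetValue($name)
    $exe = [Environment]::ExpandEnvironmentVariables((Get-CommandExecutable $cmd))
    [pscustomobject]@{
        ValueName     = $name
        Executable    = $exe
        FileExists    = ([bool]$exe -and (Test-Path -LiteralPath $exe))
        ListensOnPort = ($listenerPaths -contains $exe)   # case-insensitive match
    }
}

if (-not $listeners) { Write-Host "No process is listening on TCP $Port." }
$report | Sort-Object ListensOnPort -Descending | Format-Table -AutoSize
```

A row with ListensOnPort set to True names both the Run value to remove and the file to delete after the process has been closed; if nothing is listening, review the listed executables by hand.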
