Netbus runs over TCP/IP on Windows 95, Windows 98, and Windows
Version 1.6’s more wicked functions include displaying messages
on the victim’s machine. This could be used to prompt the
unsuspecting user for passwords while returning the password to the
attacker’s screen. Netbus can also shut down Windows altogether,
download, upload, and delete files.
Netbus, Version 1.7, released on Nov. 14, includes unusually
devious functions. Redirection allows an attacker to control a
third machine within the network, thereby making the attack appear
to be from an internal client.