Netbus Trojan Screenshot
Trojan Horse programs (also known as RATs, Remote Assistance Tools) have many useful features that make them great for remote administration. However these same features can easily be abused by an attacker to gain unauthorized access to other systems.
Trojan programs come in two parts, the client and server. The victim would be infected with the Trojan server. Once infected, the Trojan server program on his computer would begin to listen for a connection from a Trojan client program.
A Trojan client program is what an attacker would use to connect to an infected computer. Below is a sample screenshot of the old Netbus client interface.
Take a good look at all the features this program offers! It's complete access. You can pretty much do anything with the infected computer. Including taking a screendump of whatever the user on the infected system is doing and looking at.
Back in 2003 I was playing around with Netbus and was able to gain access to a computer using an ISP located in Haifa, Israel. As I was looking around, I noticed something interesting on a screendump I took of the infected computers desktop (see below).
On the lower right hand of his screen, there is a shortcut to a flight simulator program. Now, normally I wouldn't even think twice about this, but this was 2003 and shortly after the September 9-11 attacks, and considering the climate at the time, I thought this might be of some possible significance so I kept the screendump.