Tools For Creating Trojans: A wide range of tools exists that are used to take control of a victim’s system and leave behind a gift in the form of a backdoor.
This is not an exhaustive list, and newer versions of many of these are released regularly.
Let me Rule: A remote access Trojan authored entirely in Delphi. It uses TCP port 26097 by default.
RECUB: Remote Encrypted Callback Unix Backdoor (RECUB) borrows its name from the Unix world. It features RC4 encryption, code injection, and encrypted ICMP communication requests.
It demonstrates a key trait of Trojan software—small size—as it tips the scale at less than 6 KB.
Phatbot: Capable of stealing personal information including email addresses, credit card numbers, and software licensing codes.
It returns this information to the attacker or requestor using a P2P network. Phatbot can also terminate many antivirus and software based firewall products, leaving the victim open to secondary attacks.
Amitis: Open TCP port 27551 to give the hacker complete over the victim’s computer.
Zombam.B: Allows the attacker to use a web browser to infect a computer. It uses port 80 by default and is created with a Trojan-generation tool known as HTTPRat.
Much like Phatbot, it also attempts to terminate various antivirus and firewall processes.
Beast: Uses a technique known as Data Definition Language (DDL) injection to inject itself into an existing process, effectively hiding itself from process viewers.
One tool that should be mentioned as well as Back Orifice, which is an older Trojan creation tool. Most, if not all, of the antivirus applications in use today should be able to detect and remove this software.
I thought it would be interesting to look at the text the manufacturer uses to describe its toolkit. Note that it sounds very much like the way a normal software application from a major vendor would be described.
The manufacturer of Back Orifice says this abut Back Orifice 2000 (BO2K):
Built upon the phenomenal success of Back Orifice released in August 98, BO2K puts network administrators solidly back in control.
In control of the system, network, registry, passwords, file system, and processes.
BO2K is a lot like other major file-synchronization and remote control packages that are on the market as commercial products.
Except that BO2K is smaller, faster, free, and very, very extensible. With the help of the open source development community, BO2K will grow even more powerful. With new plug-ins and features being added all the time, BO2K is an obvious choice for the productive network administrator.