Creating Trojan And Learning in Depth

Tools for Creating Trojans


One of the older and potentially widely misunderstood forms of malware is the Trojan. Simply put, a Trojan is a software application that is designed to provide covert access to a victim’s system. The malicious code is packaged in such a way that it appears harmless and thus gets around both the scrutiny of the user and the antivirus or other applications that are looking for malware. Once on a system, its goal is similar to applications that are looking for malware.

A wide range of tools exists that are used to take control of a victim’s system and leave behind a gift in the form of a backdoor. This is not an exhaustive list, and newer versions of many of these are released regularly:

Let Me Rule: A remote access Trojan authored entirely in Delphi. It uses TCP port 26097 by default.

RECUB: Remote Encrypted Callback Unix Backdoor (RECUB) borrows its name from the Unix world. It features RC4 encryption, code injection, and encrypted ICMP communication requests. It demonstrates a key trait of Trojan software, small size, as it tips the scale at less than 6 KB.

Phatbot: Capable of stealing personal information including email addresses, credit card numbers, and software licensing codes. It returns this information to the attacker or requestor using a P2P network. Phatbot can also terminate many antivirus and software-based firewall products, leaving the victim open to secondary attacks.

Amitis: Opens TCP port 27551 to give the hacker complete control over the victim’s computer.

Zombam.B: Allows the attacker to use a web browser to infect a computer. It uses port 80 by default and is created with a Trojan-generation tool known as HTTPRat. Much like Phatbot, it also attempts to terminate various antivirus and firewall processes.

Beast: Uses a technique known as Data Definition Language (DDL) injection to inject itself into an existing process, effectively hiding itself from process viewers.

Hard-Disk Killer: A Trojan written to destroy a system’s hard drive. When executed, it attacks a system’s hard drive and wipes it in just a few seconds.
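Several entries above name a default listening port, which gives a defender something concrete to check for. The following Python is an added example, not code from this article or from any of the tools described: it reads listening-socket lines in the layout of `ss -H -tlnp` and reports listeners on those ports. The sample lines, the process names, the web-server allowlist and the function names are all constructed for illustration.

```python
import re

# Default ports named in the list above. Port 80 (Zombam.B) is also the normal
# HTTP port, so it is only reported when the owner is not an expected web server.
DEFAULT_PORTS = {26097: "Let Me Rule", 27551: "Amitis", 80: "Zombam.B"}
EXPECTED_WEB_SERVERS = {"nginx", "apache2", "httpd"}  # assumption: site allowlist

# Constructed sample in the layout of `ss -H -tlnp` output (not a real capture).
SAMPLE = """\
LISTEN 0 128 0.0.0.0:22 0.0.0.0:* users:(("sshd",pid=812,fd=3))
LISTEN 0 511 0.0.0.0:80 0.0.0.0:* users:(("nginx",pid=901,fd=6))
LISTEN 0 5 0.0.0.0:26097 0.0.0.0:* users:(("svch0st",pid=4410,fd=4))
LISTEN 0 5 [::]:27551 [::]:* users:(("updater",pid=4522,fd=5))
LISTEN 0 5 *:80 *:* users:(("helper",pid=4600,fd=7))
LISTEN 0 128 127.0.0.1:5432 0.0.0.0:*
"""
PROC_RE = re.compile(r'users:\(\("([^"]+)",pid=(\d+)')

def parse_listener(line):
    """Return (port, process, pid) for one listening-socket line, or None."""
    fields = line.split()
    if len(fields) < 5 or fields[0] != "LISTEN":
        return None
    # Fourth field is the local address; rpartition copes with [::]:27551 and *:80.
    _, _, port = fields[3].rpartition(":")
    if not port.isdigit():
        return None
    # Without root, ss omits the users:(...) column, so the owner may be unknown.
    m = PROC_RE.search(line)
    return int(port), (m.group(1) if m else None), (int(m.group(2)) if m else None)

def flag_listeners(text):
    """List listeners on the default ports above that deserve a closer look."""
    findings = []
    for line in text.splitlines():
        parsed = parse_listener(line)
        if parsed is None or parsed[0] not in DEFAULT_PORTS:
            continue
        port, proc, pid = parsed
        if port == 80 and proc in EXPECTED_WEB_SERVERS:
            continue  # ordinary web server, not an indicator by itself
        findings.append({"port": port, "family": DEFAULT_PORTS[port],
                         "process": proc, "pid": pid})
    return findings

if __name__ == "__main__":
    for finding in flag_listeners(SAMPLE):
        print(finding)
```

A match is only a lead: the ports are defaults that can be changed, so confirm by examining the owning process and its binary.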

One tool that should be mentioned as well is Back Orifice, which is an older Trojan creation tool. Most, if not all, of the antivirus applications in use today should be able to detect and remove this software.

I thought it would be interesting to look at the text the manufacturer uses to describe its toolkit. Note that it sounds very much like the way a normal software application from a major vendor would be described. The manufacturer of Back Orifice says this about Back Orifice 2000 (BO2K):

Built upon the phenomenal success of Back Orifice released in August 98, BO2K puts network administrators solidly back in control. In control of the system, network, registry, passwords, file system, and processes.

BO2K is smaller, faster, free and very, very extensible. With the help of the open-source development community, BO2K will grow even more powerful. With new plug-ins and features being added all the time, BO2K is an obvious choice for the productive network administrator.
