A wide range of tools exist that are used to take control of a victim’s system and leave behind a gift in the form of a backdoor. This is not an exhaustive list, and newer versions of many of these are released regularly:
- let me rule—A remote access Trojan authored entirely in Delphi. It uses TCP port 26097 by default.
- RECUB—Remote Encrypted Callback Unix Backdoor (RECUB) borrows its name from the Unix world. It features RC4 encryption, code injection, and encrypted ICMP communication requests. It demonstrates a key trait of Trojan software—small size— as it tips the scale at less than 6 KB.
- Phatbot—Capable of stealing personal information including e-mail addresses, credit card numbers, and software licensing codes. It returns this information to the attacker or requestor using a P2P network. Phatbot can also terminate many antivirus and software-based firewall products, leaving the victim open to secondary attacks.
- amitis—Opens TCP port 27551 to give the hacker complete control over the victim’s computer.
- Zombam.B—Allows the attacker to use a web browser to infect a computer. It uses port 80 by default and is created with a Trojan-generation tool known as HTTPRat. Much like Phatbot, it also attempts to terminate various antivirus and firewall processes.
- Beast—Uses a technique known as Data Definition Language (DDL) injection to inject itself into an existing process, effectively hiding itself from process viewers.
- Hard-disk killer—A Trojan written to destroy a system’s hard drive. When executed, it attacks a system’s hard drive and wipes it in just a few seconds.