NEWS FROM THE LAB - Wednesday, January 2, 2008

Hupigon and On and On
Posted by MikkoHy2 @ 15:59 GMT

Do you remember the time when the creator of a computer virus would spend days and nights producing his new malware? Well, I don't — but I'm rather new to the job of Response Analyst. Nowadays a "malware author's" life is much easier.

For example, the Hupigon family has spread across the Internet with thousands and thousands of variants. You'll find it frequently in our list of database updates.

Hupigon is a very common family of backdoors. Why is it so common? Kits.

I'll give you an example of how variants are made. First, we acquired a copy of the Hupigon kit. It's very easy to use and to control infected computers (for Chinese speakers at least).

This is the main interface. It's highly polished and feels professionally designed:


Okay, next I can choose the option for "Fast Configuration".

Here's what the default setting looks like:


With the Fast Configuration, you only need to check the desired options and then you're ready to create the variant. It's pretty simple.

So what's the purpose of this backdoor?

Many things are possible. You can record the victim's webcam, send a message to them, copy their files, send additional stuff to their computer, steal passwords, and of course use the infected computer for DDoS attacks.

Here are the DDoS options:


Basically, you can control the victim's computer remotely.

You can read more details in the family description.

As I don't speak Chinese very well — I've only spent about six months in a Chinese-speaking country — I recruited one of our Quality Engineers from upstairs. A big thanks goes to Feng Ping for her assistance.

Signing off,
Mikko Hy2 (Another Mikko in the lab, not Mikko Hyppönen)