Hupigon (also Graftor) detected as (Backdoor.Win32.Hupigon, Trojan.Win32.Hupigon, Backdoor.Win32.Graftor, and Trojan.Win32.Graftor) is a backdoor Trojan. Its first known detection goes back to November 2008, according to Securelist from

Kaspersky Labs Kaspersky Lab (; Russian: Лаборатория Касперского, tr. ''Laboratoriya Kasperskogo'') is a Russian multinational cybersecurity and anti-virus provider headquartered in Moscow, Russia, and operated by a holding company in t ...

. This malicious

software Software is a set of computer programs and associated software documentation, documentation and data (computing), data. This is in contrast to Computer hardware, hardware, from which the system is built and which actually performs the work. ...

, which usually should be a

portable executable The Portable Executable (PE) format is a file format for executables, object code, DLLs and others used in 32-bit and 64-bit versions of Windows operating systems. The PE format is a data structure that encapsulates the information necessary fo ...

(and may be packed with '' UPX''), is mostly used in order to connect a (worldwide) group of victimized PCs and form a

botnet A botnet is a group of Internet-connected devices, each of which runs one or more bots. Botnets can be used to perform Distributed Denial-of-Service (DDoS) attacks, steal data, send spam, and allow the attacker to access the device and its conn ...

(also known as a zombie network). The software is able to spread through networks in order to infect other computers as computer worms do (see

Conficker Conficker, also known as Downup, Downadup and Kido, is a computer worm targeting the Microsoft Windows operating system that was first detected in November 2008. It uses flaws in Windows OS software and dictionary attacks on administrator pas ...

). The difference is that such backdoors do not spread automatically (as worms do), but are started through a

command and control Command and control (abbr. C2) is a "set of organizational and technical attributes and processes ... hatemploys human, physical, and information resources to solve problems and accomplish missions" to achieve the goals of an organization or en ...

-center who is supervising them. In the Hupigon family, there are a large number of variants. They are written in

Borland Delphi Delphi is a general-purpose programming language and a software product that uses the Delphi dialect of the Object Pascal programming language and provides an integrated development environment (IDE) for rapid application development of desktop, ...

Other aliases

* ''Trojan.Win32.Boht'' (

and

Fortinet Fortinet is an American multinational corporation headquartered in Sunnyvale, California. The company develops and sells cybersecurity solutions, such as physical firewalls, antivirus software, intrusion prevention systems, and endpoint secur ...

) * ''Backdoor:Win32/Bezigate'' (

Microsoft Microsoft Corporation is an American multinational technology corporation producing computer software, consumer electronics, personal computers, and related services headquartered at the Microsoft Redmond campus located in Redmond, Washin ...

) * ''Backdoor.Win32.Graftor'' (

Bitdefender Bitdefender is a Romanian cybersecurity technology company headquartered in Bucharest, Romania, with offices in the United States, Europe, Australia and the Middle East. The company was founded in 2001 by the current CEO and main shareholder, ...

) Refs of a Hupigon-File
/ref>

External links

Analysis of a file
-

VirusTotal VirusTotal is a website created by the Spanish security company Hispasec Sistemas. Launched in June 2004, it was acquired by Google in September 2012. The company's ownership switched in January 2018 to Chronicle, a subsidiary of Google. Viru ...

Analysis of a file
- Threat Expert

References

{{Hacking in the 2000s 2008 in computing Rootkits Windows trojans Pascal (programming language) software