NEWS FROM THE LAB - Thursday, July 1, 2004

HangUp <-> Padodor link
Posted by Alexey @ 11:09 GMT

The Padodor/Qukart trojan discovered on June 25th, 2004, was created using Padodor backdoor code. This is the trojan that was downloaded to computers via hacked IIS sites.

There has been some discussion about whether the Russian "HangUp team" virus group was involved in this case. Unless they provided their Padodor source code to someone else (which is doubtful), they are responsible for the latest Padodor/Qukart incidents too. Up to the .G variant of Padodor, they signed the backdoors with their "copyright" signature:


In later variants of this backdoor the copyright string was removed, but the project name "padonok" remained (the Russian word "podonok" means "scum"):


We do not directly accuse the HangUp hacker group of writing Padodor; we only provide facts for investigation. We're not the police. It's the job of a court of law to prove whether someone is guilty or not after analysing all the evidence.