Writings from the intersection of law enforcement and the Internet

Poor choices lead to poor outcomes

And RATs...
In policing we have a simple saying to explain the monotony of continuously mitigating the poor choices of society: “same stupid thing, different stupid people.” Much like your favorite GIF from the subreddit r/holdmybeer, rope swings and mini-bikes never end well. Criminals keep using the same tricks to victimize different people, and different people keep making poor choices to become victims. It’s a never-ending loop. The faces change, the poor choices don’t.

In the most recent illustration of this concept, a cybercrime group dusted off a 15-year-old attack tool to victimize a new crop of fresh-faced college and university students. Most of these students were still learning to read the first time this tool was released to victimize – fresh-faced and naive college students.

The Hupigon RAT (remote access trojan) was first observed in 2006 and came into full prominence in 2010 when it was widely used by nation-state attackers (China) to attack a weakness in Windows Internet Explorer. F-Secure describes the RAT as a backdoor program launched when the victim downloads the malicious executable file. The program provides the attacker near-complete control of the infected machine. Although numerous variants of Hupigon have been released, the core components and mechanics of the program are mostly unchanged.

The method of exploit has also remained unchanged – clicking a shady link in an even shadier email. Hupigon does not have a method to propagate itself and must be spread through a carrier – an email, instant messenger service, or website.

Proofpoint researchers obtained samples of the phishing emails and found they are designed to target mostly men. The messages contain images of two females with the option to choose one for an immediate connection. Clicking the image, however, doesn’t connect you with the beautiful female in the picture; it only connects you with the Hupigon executable file. Proofpoint analysis found that over 45% of the emails were sent to addresses associated with higher education-related accounts. Obviously taking advantage of the millions of young, sexually frustrated males withering away in COVID-19-related quarantine.

Everyone makes a poor decision every now and then, right? O.K., but for this attack to work, the victim must make two poor decisions. Not only do they have to click the image of a female believing it will connect them to the love of their life, but they must also click the approval button to allow their computer to run the executable.

Like flannel shirts and Converse sneakers, the tried and true always come back in style. Unfortunately, poor decisions remain constant.

#cybercrime #phishing