Welcome to the APBWeb.
Results 1 to 2 of 2
  1. #1
    TXCharlie's Avatar
    TXCharlie is offline Former & Future Reserve Officer
    Join Date
    12-29-05
    Location
    Dallas Area
    Posts
    5,528
    Rep Power
    3224965

    New Version of the Gpcode PC Virus May Be an Elaborate Blackmail Scheme

    http://www.net-security.org/malware_news.php?id=945

    Watch out for a sneaky blackmailing virus that encrypts your data

    Posted on 05.06.2008

    Kaspersky Lab found a new variant of Gpcode, a dangerous encryptor virus has appeared, - Virus.Win32.Gpcode.ak. Gpcode.ak encrypts files with various extensions including, but not limited, to .doc, .txt, .pdf, .xls, .jpg, .png, .cpp, .h and more using an RSA encryption algorithm with a 1024-bit key.

    Kaspersky Lab succeeded in thwarting previous variants of Gpcode when Kaspersky virus analysts were able to crack the private key after in-depth cryptographic analysis. Their researchers have to date been able to crack keys up to 660 bits. This was the result of a detailed analysis of the RSA algorithm implementation. It has been estimated that if the encryption algorithm is implemented correctly, it would take 1 PC with a 2.2 Ghz processor around 30 years to crack a 660-bit key.

    The author of Gpcode has taken two years to improve the virus: the previous errors have been fixed and the key has been lengthened to 1024 bits instead of 660.

    At the time of writing, Kaspersky researchers are unable to decrypt files encrypted by Gpcode.ak since the key is 1024 bits long and they have not found any errors in implementation yet. Thus, at the time of writing, the only way to decrypt the encrypted files is to use the private key which only the author has.

    After Gpcode.ak encrypts files on the victim machine it changes the extension of these files to ._CRYPT and places a text file named !_READ_ME_!.txt in the same folder. In the text file the criminal tells the victims that the file has been encrypted and offers to sell them a decryptor:
    «Your files are encrypted with RSA-1024 algorithm.
    To recovery your files you need to buy our decryptor.
    To buy decrypting tool contact us at: ********@yahoo.com»
    In addition, after GPcode encrypts files, it also displays the message shown below:



    In this case, Kaspersky researchers recommend that victims try to contact us using another computer connected to the Internet. DO NOT RESTART or POWER DOWN the potentially infected machine.

    Kaspersky Lab offers some help:
    Contact us by email at stopgpcode@kaspersky.com and tell us the exact date and time of infection, as well everything you did on the computer in the 5 minutes before the machine was infected:

    ∙ Which programs you have executed,
    ∙ Which websites you have visited, etc.

    We'll try and help you recover any data that has encrypted.
    Kaspersky Lab analysts are continuing to analyze the virus code in search of a way to decrypt the files without having the private key.

    (\__/)
    (='.'=) This is Bunny. Copy and paste Bunny into your
    (")_(") signature to help him gain world domination.

  2. #2
    Cidp24's Avatar
    Cidp24 is offline Tempus Fugit
    Premium Lifetime Member
    Verified LEO
    Join Date
    07-17-06
    Location
    Crossroads of the Sunny South
    Posts
    8,131
    Rep Power
    3999639
    Babelfish won't translate that.
    *************************
    "It wouldn't take much for me to up and run...
    to another life somewhere in the sun."
    *************************
    "There's something inherently wrong with having to put on a bullet-proof vest and a gun to go to work."-(An old friend)


    Any statements or opinions given in my postings or profile do not reflect the opinions, views, policies, and/or procedures of my employer or anyone else other than me. They are my personal opinions or statements only, thereby releasing my employer , any other entity, or any other person of any liability or involvement in anything posted under the username "Cidp24" on O/R.

 

 

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Tags for this Thread

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •