Blackmail virus returns with an 'uncrackable' 1024-bit encryption key
Jun 6th, 2008, 6:37 am
Kaspersky Lab is warning the public at large to be on the lookout for a new version of the blackmail virus Gpcode, which has started to appear in the wild. This particularly nasty twist on the virus format encrypts your files using the RSA algorithm, this time with a 1024-bit key. To get access to your files back, the virus author offers to sell you a decryption tool. It is straightforward blackmail for the digital age, and if those files are critical to your work or contain vital personal data, you might just consider giving in and paying up.
Kaspersky, of course, has seen Gpcode before. In fact, it thwarted the virus authors' efforts against previous versions by recovering the private keys through in-depth and time-consuming cryptanalysis of the RSA implementation. Last time around a 660-bit key was used, which Kaspersky says would take a single 2.2 GHz PC some 30 years to crack on its own. Unfortunately, in the two years since, the author has tweaked his code to fix the earlier errors that made that analysis possible and moved to a 1024-bit key, which Kaspersky has been unable to crack so far.
Unless new errors are found, it is, to be honest, unlikely that a key of this length will be cracked. That means that if you do get infected and your files do get encrypted, the only decryption option appears to sit with the virus author, who holds the private key needed to unlock them.
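To make concrete why the only non-cooperative way out is to break the key, and why that door closes as the key grows, here is an added toy model of the extortion scheme. It is example code written for this page, not Kaspersky's analysis and not the malware's code. It uses the hybrid construction such schemes use in practice, since RSA is not applied directly to bulk data (the article simply calls the encryption RSA): each victim's files are encrypted with a fresh symmetric key, only that key is wrapped under the attacker's RSA public key, and the plaintext key is discarded, so nothing left on the infected disk can decrypt the files. The SHA-256 counter-mode stream cipher, the Pollard's rho factoring routine, the deliberately tiny 64-bit modulus and the sample file contents are all constructed for the example.

```python
"""Toy model of a public-key extortion scheme (added example, not real malware code)."""
import hashlib
import math
import random

# Seeded RNG so the demo is reproducible; real attackers use a real CSPRNG.
_rng = random.Random(2008)


def is_probable_prime(n, rounds=16):
    """Miller-Rabin probabilistic primality test."""
    if n < 2:
        return False
    for p in (2, 3, 5, 7, 11, 13, 17, 19, 23, 29):
        if n % p == 0:
            return n == p
    d, r = n - 1, 0
    while d % 2 == 0:
        d //= 2
        r += 1
    for _ in range(rounds):
        x = pow(_rng.randrange(2, n - 1), d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True


def random_prime(bits):
    """Random prime with exactly `bits` bits (top bit and low bit forced to 1)."""
    while True:
        cand = _rng.getrandbits(bits) | (1 << (bits - 1)) | 1
        if is_probable_prime(cand):
            return cand


def generate_keypair(bits):
    """Textbook RSA keypair with a `bits`-bit modulus: returns ((n, e), (n, d))."""
    e = 65537
    while True:
        p, q = random_prime(bits // 2), random_prime(bits // 2)
        phi = (p - 1) * (q - 1)
        if p != q and math.gcd(e, phi) == 1:
            return (p * q, e), (p * q, pow(e, -1, phi))


def stream_xor(key, data):
    """Toy stream cipher: XOR with a SHA-256 counter-mode keystream (stand-in only)."""
    blocks = (len(data) + 31) // 32
    ks = b"".join(hashlib.sha256(key + i.to_bytes(8, "big")).digest() for i in range(blocks))
    return bytes(a ^ b for a, b in zip(data, ks))


def _key_bytes(sym_key, n):
    return sym_key.to_bytes((n.bit_length() + 7) // 8, "big")


def attacker_encrypt(files, pubkey):
    """What runs on the victim's machine: pick a fresh symmetric key, encrypt every file
    with it, wrap the key under the attacker's RSA public key, drop the plaintext key.
    Only `wrapped` and the ciphertexts remain on disk; the private key never left the attacker."""
    n, e = pubkey
    sym_key = _rng.getrandbits(n.bit_length() - 2)   # < n, so textbook RSA is well defined
    wrapped = pow(sym_key, e, n)
    encrypted = {name: stream_xor(_key_bytes(sym_key, n), data) for name, data in files.items()}
    return wrapped, encrypted


def decrypt_with_private_key(wrapped, privkey, encrypted):
    """The decryption tool the attacker sells: unwrap the symmetric key, then decrypt."""
    n, d = privkey
    key = _key_bytes(pow(wrapped, d, n), n)
    return {name: stream_xor(key, data) for name, data in encrypted.items()}


def pollard_rho(n):
    """Pollard's rho factoring: the 'crack the key' route. Cost grows roughly with the
    fourth root of n, so it is instant here and hopeless for a sound 1024-bit modulus."""
    if n % 2 == 0:
        return 2
    while True:
        c, x = _rng.randrange(1, n), _rng.randrange(2, n)
        y, d = x, 1
        while d == 1:
            x = (x * x + c) % n
            y = (y * y + c) % n
            y = (y * y + c) % n
            d = math.gcd(abs(x - y), n)
        if d != n:
            return d


def recover_private_key(pubkey):
    """Rebuild the private key from the public one by factoring the modulus."""
    n, e = pubkey
    p = pollard_rho(n)
    q = n // p
    return (n, pow(e, -1, (p - 1) * (q - 1)))


def demo(bits=64):
    """Returns (paid_decryption_ok, cracked_decryption_ok) for a tiny modulus."""
    pub, priv = generate_keypair(bits)
    files = {"thesis.doc": b"constructed sample document", "photos.zip": bytes(range(200))}
    wrapped, encrypted = attacker_encrypt(files, pub)
    paid = decrypt_with_private_key(wrapped, priv, encrypted)
    cracked = decrypt_with_private_key(wrapped, recover_private_key(pub), encrypted)
    return files == paid, files == cracked


if __name__ == "__main__":
    print(demo())
```

With a 64-bit modulus `demo()` returns `(True, True)`: paying and factoring both work. Raise `bits` and the second path stops being practical long before 1024 bits, which is exactly the situation the article describes once the implementation errors that made the 660-bit keys recoverable were fixed.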
Kaspersky specialists recommend that victims contact them by email at stopgpcode@kaspersky.com, from another computer, and tell them exactly what they were doing in the five minutes before infection and the exact date and time of infection. Kaspersky also stresses that users should not restart or power down the infected computer.
"We urge infected users not to yield to the blackmailer, but to contact us and your local cyber crime law enforcement units," a Kaspersky spokesperson told me. "Yielding to blackmailers only continues the cycle."
Tags: virus encryption security blackmail news
This blog entry was written by Davey Winder, staff writer aka happygeek. It has been filed under the Hardware and Software category. It has received 2,890 views, 1 comment(s), and 29 linkbacks. It was promoted to featured news status Jun 6th, 2008.
Jenova | Newbie Poster | Jun 6th, 2008
Hmm... No doubt the password is hidden in this one as well.
Any information regarding the method used?
Furthermore, a file?


