It looks like you're using an Ad Blocker.
Please white-list or disable AboveTopSecret.com in your ad-blocking tool.
Thank you.
Some features of ATS will be disabled while you continue to use an ad-blocker.
(visit the link for the full news article)
June 10, 2008 4:59 PM PDT
Kaspersky to try to crack code used in 'blackmailer' virus
Posted by Elinor Mills 1 comment
Antivirus software vendor Kaspersky is launching an international effort to try to crack the encryption used in a "blackmailer" virus that locks up data on a victim's computer.
The company announced the "Stop the Gpcode Virus" initiative Monday and extended a public invitation to all cryptography experts and other researchers, saying it has sufficient information about the virus to enable experts to begin working on factoring the RSA key.
Kaspersky also created a special forum for the effort.
Kaspersky Lab said last week that it detected a new version of the ransomware type of Gpcode Virus that essentially holds your data hostage until you pay up. It encrypts files on the hard drive using an RSA algorithm with a 1024-bit key and leaves a message that advises the victim to buy a decryptor and provides an e-mail address to contact.
Kaspersky detects the new variant but is unable to crack the encryption key and has analysts working on that. The virus is rated a "moderate risk."
The Gpcode Virus was first detected in 2006. "Two years ago we were able to get the private key by detailed analysis of the data at our disposal," Kasperky Lab explained in a blog posting. "However, the maximum RSA key length we've been able to 'crack' to date is 660 bits. We were able to do this as the author had made some mistakes when implementing the encryption algorithm."
The encryption strength grows exponentially the more bits it has.
People who believe their computers have been infected with the virus are advised not to restart or power down the machines. They should send an e-mail to [email protected] with details of the infection.
This is a screenshot taken of the message that pops up when a computer is infected with the Gpcode virus.
(Credit: Kaspersky )