[Update: since this was written there's been at least one solution to fix Gpcode problems.]

The folks at Kaspersky Labs have run into a new variant of a nasty little bugger known as Gpcode.  This virus encrypts files on the infected computer and then demands payment for a key that will allow the victim to decrypt the files and recover their data.

Thing is, this version of Gpcode uses the RSA encryption algorithm with a 1024-bit key.  With current computing and software technology that is, for practical purposes, impossible to crack without the author's private key.

The RSA algorithm uses two keys, one public and one private.  Anything encrypted with the public key can only be decrypted with the matching private key.  The Gpcode virus carries a public key, which it uses to encrypt the files; the private key stays with the author.

Gpcode appends "._CRYPT" to the name of each encrypted file and drops a text file named !_READ_ME_!.txt in the same folder.  The note tells the victim that their files have been encrypted and then offers to sell them a "decryptor" program to restore them:

Your files are encrypted with RSA-1024 algorithm.
To recovery your files you need to buy our decryptor.
To buy decrypting tool contact us at: ********@yahoo.com
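Those two artifacts (the "._CRYPT" suffix and the !_READ_ME_!.txt note) are enough to triage a machine for this infection. The script below is an added example, not code from the post or from Kaspersky; the paths in SAMPLE are constructed, and the script only detects and inventories what was hit, it cannot decrypt anything.

```python
import os
from collections import defaultdict

ENCRYPTED_SUFFIX = "._CRYPT"
RANSOM_NOTE = "!_READ_ME_!.txt"
NOTE_MARKER = "RSA-1024"  # phrase quoted from the ransom note on this page

def classify(entries):
    """entries: iterable of (path, note_text_or_None); groups findings per folder."""
    folders = defaultdict(lambda: {"encrypted": [], "note": False,
                                   "note_matches_gpcode": False})
    for path, text in entries:
        folder, name = os.path.split(path)
        if name.endswith(ENCRYPTED_SUFFIX):
            folders[folder]["encrypted"].append(name[:-len(ENCRYPTED_SUFFIX)])
        elif name == RANSOM_NOTE:
            folders[folder]["note"] = True
            folders[folder]["note_matches_gpcode"] = bool(text) and NOTE_MARKER in text
    return dict(folders)

def summarize(findings):
    """'likely_gpcode' if a folder holds both artifacts, 'suspicious' if only one
    of them appears anywhere, 'clean' otherwise."""
    total = sum(len(f["encrypted"]) for f in findings.values())
    with_note = [d for d, f in findings.items() if f["note"]]
    both = sorted(d for d in with_note if findings[d]["encrypted"])
    verdict = "likely_gpcode" if both else "suspicious" if total or with_note else "clean"
    return {"verdict": verdict, "encrypted_files": total,
            "folders_with_note": len(with_note), "hit_folders": both}

def scan_tree(root):
    """Walk a real directory tree; only the ransom notes are opened and read."""
    entries = []
    for dirpath, _, names in os.walk(root):
        for n in names:
            p, text = os.path.join(dirpath, n), None
            if n == RANSOM_NOTE:
                with open(p, encoding="utf-8", errors="replace") as fh:
                    text = fh.read()
            entries.append((p, text))
    return classify(entries)

# Constructed sample with hypothetical paths: one folder hit, one untouched.
SAMPLE = [
    ("C:/Users/alice/Documents/report.doc._CRYPT", None),
    ("C:/Users/alice/Documents/budget.xls._CRYPT", None),
    ("C:/Users/alice/Documents/!_READ_ME_!.txt",
     "Your files are encrypted with RSA-1024 algorithm.\n"),
    ("C:/Users/alice/Pictures/holiday.jpg", None),
]
```

On a live machine call summarize(scan_tree(root)); the "encrypted" list per folder gives the original file names, which is the list you will want when restoring from backup.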

On the upside, Kaspersky Labs (and I presume by now other AV software) are able to detect Gpcode, but if it encrypts something you’d better have a backup someplace safe because you’re not going to crack 1024-bit RSA encryption anytime within a human lifetime.

Of course, I'm sure it's occurred to somebody that the thing to do is to go ahead and buy the "decryptor" and then reverse engineer it to recover the private key, which could then be used to build a trusted freeware tool to recover Gpcoded files.
