June 10, 2008 4:59 PM PDT

Kaspersky to try to crack code used in 'blackmailer' virus

Antivirus software vendor Kaspersky is launching an international effort to try to crack the encryption used in a "blackmailer" virus that locks up data on a victim's computer.

The company announced the "Stop the Gpcode Virus" initiative Monday and extended a public invitation to all cryptography experts and other researchers, saying it has sufficient information about the virus to enable experts to begin working on factoring the RSA key.

Kaspersky also created a special forum for the effort.

Kaspersky Lab said last week that it detected a new version of the ransomware type of Gpcode Virus that essentially holds your data hostage until you pay up. It encrypts files on the hard drive using an RSA algorithm with a 1024-bit key and leaves a message that advises the victim to buy a decryptor and provides an e-mail address to contact.

Kaspersky detects the new variant but is unable to crack the encryption key and has analysts working on that. The virus is rated a "moderate risk."

The Gpcode Virus was first detected in 2006. "Two years ago we were able to get the private key by detailed analysis of the data at our disposal," Kaspersky Lab explained in a blog posting. "However, the maximum RSA key length we've been able to 'crack' to date is 660 bits. We were able to do this as the author had made some mistakes when implementing the encryption algorithm."

Encryption strength grows exponentially with the number of bits in the key.

People who believe their computers have been infected with the virus are advised not to restart or power down the machines. They should send an e-mail to stopgpcode@kaspersky.com with details of the infection.

This is a screenshot taken of the message that pops up when a computer is infected with the Gpcode virus.

(Credit: Kaspersky)
16 comments
by Lerianis June 10, 2008 6:54 PM PDT
So how do we protect against this? Is there any way to protect against this malware or are you basically screwed because it can appear on any site?
by ecolisnacks June 10, 2008 7:35 PM PDT
C'mon Eugene, if you crack the code, everyone will think you wrote the malware to begin with. Screwed if you do, screwed if you don't.
by pagopagopago June 10, 2008 7:46 PM PDT
Ok so you have to send the payment to whom? Trace the transaction, get the FBI or Interpol to arrest them, waterboard them till they give you the key, and all of our problems are solved.
by humbuzz June 10, 2008 7:47 PM PDT
...and the ransom payment goes where? Seems like it could be tracked somehow.
by Dalmatian28 June 10, 2008 7:59 PM PDT
Whoa... this is a good one! I wonder if this thing works for the files on your backup drive! If it does, this guy is a pro! My first thought was to format the hard drive and restore from your backup; that is a lot of wasted time but it should work. The problem with this option of course is that if you have some recent files that you care about... you will lose them because you have to restore it to the date before infection. Isn't it ironic that the Russian anti-virus company is the only one that is working on this... do you guys think what I am thinking???
by 0zSpit June 10, 2008 8:01 PM PDT
The virus is running rampant because too many people are using free security programs pushed on them from download.com as actually good security. These people also think you should load your computer up with an arsenal of security that it takes minutes to view a page. It's not like they would pay for anything, just look at all the comments on the iPhone blogs. There isn't any. These cheap free-or-nothing people won't be owning an iPhone anytime soon.
by Rants&Raves June 10, 2008 11:10 PM PDT
On tracking the payment: you can be sure that if it was that blindingly obvious and easy, it would have been done by now. This suggestion is hardly contributing to the discussion.

Dalmatian28: Hmm, praising the bad guy, pointing out the wasted time with the non-compliance option, pointing out how smart the minutiae of the strategy is (more recent files have a higher perceived value), and following up with the misdirection thing. Did I get the gist of your post?
by Remo_Williams June 11, 2008 7:05 AM PDT
Are you thinking what I'm thinking?
"Albanian chicken juice?"
No Shane, I'm thinking that the next time I cross back into the US and some federal schmuck wants to look at my HDD, I'll just claim that the virus has made it inoperable and they are welcome to copy the virus if they like. If they call my bluff, good luck trying to pry open my TrueCrypt volumes.

-R
by Ron&Hillery June 11, 2008 8:46 AM PDT
Every time I read one of these I'm so glad I surf and E-mail with Mandriva Linux. Go penguin power.
by Seaspray0 June 11, 2008 9:06 AM PDT
It's time for the world to stop allowing criminals like this to live. I don't care if they are hiding in another country. The internet is worldwide and needs a security force that transcends the boundaries of all countries. Hunt them down like the animals they are.
by ralfthedog June 11, 2008 11:15 AM PDT
Does anyone know if the decryptor works when you cave in to the extortion? If it does, set up a temporary bank account with just the money to buy the decryptor, then reverse engineer the decryptor software.

I wonder if the attached email address is even connected to the people who wrote the virus. I can picture someone writing something that encrypts to a random key, then gives his ex-boss's email just for revenge.
by Dalkorian June 11, 2008 2:31 PM PDT
Wow, that's one nasty little sucker. I hope they catch these folks, film their executions in the electric chair and post the footage on YouTube for others to see. Really make an example out of these buggers. I hate winblows and all, but this is just cold blooded.
by benjaminstraight July 31, 2008 3:56 AM PDT
Good luck crackin'. But it makes him suspect.