Antivirus software vendor Kaspersky is launching an international effort to try to crack the encryption used in a "blackmailer" virus that locks up data on a victim's computer.
The company announced the "Stop the Gpcode Virus" initiative Monday and extended a public invitation to all cryptography experts and other researchers, saying it has sufficient information about the virus to enable experts to begin working on factoring the RSA key.
Kaspersky also created a special forum for the effort.
Kaspersky Lab said last week that it detected a new version of the ransomware type of Gpcode Virus that essentially holds your data hostage until you pay up. It encrypts files on the hard drive using an RSA algorithm with a 1024-bit key and leaves a message that advises the victim to buy a decryptor and provides an e-mail address to contact.
Kaspersky detects the new variant but is unable to crack the encryption key and has analysts working on that. The virus is rated a "moderate risk."
The Gpcode Virus was first detected in 2006. "Two years ago we were able to get the private key by detailed analysis of the data at our disposal," Kaspersky Lab explained in a blog posting. "However, the maximum RSA key length we've been able to 'crack' to date is 660 bits. We were able to do this as the author had made some mistakes when implementing the encryption algorithm."
The strength of the encryption grows exponentially with the number of bits in the key.
People who believe their computers have been infected with the virus are advised not to restart or power down the machines. They should send an e-mail to stopgpcode@kaspersky.com with details of the infection.
This is a screenshot taken of the message that pops up when a computer is infected with the Gpcode virus.
(Credit: Kaspersky)
AVG Anti-Virus Free Edition is one of the most popular products on CNET Download.com, with 61 million downloads. On Thursday, publisher AVG Technologies, formerly known as Grisoft, plans to introduce the full version of AVG Anti-Virus 8.0. This upgrade will feature significant changes to the program, integrating the previously stand-alone tools of AVG Anti-Spyware, AVG Anti-Rootkit, and recent AVG purchase LinkScanner as well as showcasing an entirely new interface.
About five years ago I installed the family version of Symantec's Norton Internet Security software on one of my PCs, rendering the machine unusable. Not only couldn't I get any access to the Internet, it was impossible to uninstall the program. I ended up having to reinstall the operating system and all my applications--except Norton Internet Security. At the time I said I would never again install a Symantec security program on any PC, but about a year ago I bought a PC that came with 90 days of Norton 360, and the program won me over. When the free trial period was over I even coughed up $80 for a year's subscription. Apart from the frequent nags about my need to back up (I prefer to use my own manual backup strategy), I'm happy with the Norton 360.
Now the other side of the coin: I've used CheckPoint's ZoneAlarm firewall--both the free and pro versions--for many years, and on many different PCs. The program would occasionally prevent a legitimate program from performing some operation, but on those rare instances I merely shut the firewall down long enough to complete the task, and then turned it back on. No problem.
Until this morning, that is. I spent four hours trying to update a Web site via ftp, only to be told that access to my ISP's ftp server was denied. I tried using the WS_FTP Pro ftp program, Windows Explorer, Firefox, and even a WYSIWYG Web editor, but nothing could get through to the server. I could access the remote system on another PC on my network, but I wanted to avoid having to move the files in question to that PC to complete the transfer. Just last week I had ftp'ed some files without a problem.
After several calls to my blameless ISP, a tech suggested that I uninstall ZoneAlarm. Not just shut it down (which I had already tried), but completely uninstall the app. This struck me as somewhat extreme, but after spending so much time trying to figure out the glitch, I thought it was worth a try. And what do you know: as soon as ZoneAlarm was off the system, I could access the ftp server without a hitch.
Customize your firewall's ftp access using these settings in the free Comodo Firewall Pro.
I suppose I could try to figure out why ZoneAlarm all of a sudden threw a monkey wrench into my server access, but it's quicker and simpler to rely on another free firewall. My ISP's tech guy said he trusted the firewall built into XP, which he claims Microsoft has improved tremendously. But its protection is one way: it doesn't monitor traffic from the PC to the Internet, just stuff inbound. Instead, I loaded the free Comodo Firewall Pro, which also scans your system for viruses, spyware, and other threats. Since I use a remote-access service to log into this PC while on the road, I chose to review requests for incoming connections rather than to block them automatically, which means I'll have to click through a few more pop-ups. But for me this is a small price to pay for the added convenience of remote access.
After you install the Comodo firewall it starts to train itself.
After you install the program and reboot, Comodo "learns" your system, running through the standard processes and services. It also learns as you open your browser and other network-connecting applications for the first time. Once its training is complete, you can click the Comodo icon in the system tray to view your blocked and allowed connections, as well as other traffic data. You also get a snapshot of your running applications, and your choice of five security and alert-frequency settings.
Get a snapshot of your system security on the Comodo Firewall Pro's summary page.
So what did my morning in tech-support hell teach me? First, that my ISP's tech support staff is worth their weight in gold (even if I did assume at first that it was all their fault). Second, that I'm glad there's a myriad of free options when it comes to PC security software. Third, that things change quickly in the computer world, and it doesn't pay to be glued to your assumptions. And fourth, if a program encounters a problem accessing the Internet, check for a conflict with your security software before you get on the horn to your ISP's tech support.
Tomorrow: tweak Windows XP for optimum performance.
Say cheese...not.
Best Buy is warning customers who purchased its Insignia 10.4-inch Digital Picture Frames that their device may be harboring a virus, according to an advisory posted on its Web site over the weekend.
Insignia digital frames, with model number NS-DPF10A, may be infected with the virus, Best Buy states in its posting. The company is asking users to contact its Insignia customer care number, 877-467-4289, to determine whether their digital picture frame is infected and how to troubleshoot the virus that can travel through the USB cord and infect a user's PC.
Best Buy learned of the problem in the first week of January, after receiving several customer complaints, said company spokeswoman Nissa French. It took a couple weeks for the company to ascertain the problem, which it attributes to a virus that was loaded onto the devices during the manufacturing process.
(Credit: Insignia)
Best Buy, which sells the picture frames under its private label Insignia, has since pulled all remaining 10.4-inch Insignia picture frames and inventory from its shelves and Web site, and has discontinued the product's production. No recall, however, has been issued.
In the meantime, Best Buy is contacting all users who purchased the picture frames to warn them of the virus and determine whether their device has been infected, French said. She added that not all of the 10.4-inch picture frames are harboring the virus.
Users who connect their Insignia picture frame to a Windows-based PC may be at risk, but no other platforms are affected, she noted.
And because the virus has been in existence for a while, users' antivirus software may help inoculate the virus from the digital picture frame, she noted. Cameras and USB flash drives are also not affected.
Best Buy's digital picture frame virus is among a number of other holiday devices that have hit the scene with some funky security issues.
French, meanwhile, is checking into the number of users who purchased the Insignia 10.4-inch picture frame, as well as the name and type of virus that is loaded onto the device. Stay tuned...
McAfee on Monday released its 2008 line of security products, including McAfee VirusScan Plus 2008, McAfee Internet Security 2008, and McAfee Total Protection 2008.
In a move that McAfee hopes will distinguish it from the competition, the company is now offering three user licenses for all its desktop products, and is including its SiteAdvisor site-rating software in each product to protect against online fraud. Finally, McAfee is also including VirusScan mobile protection with its desktop Internet Security and Total Protection products.
This "triple play" perhaps makes McAfee's products more economical, but it remains to be seen if the programs themselves have improved over those of last year. CNET Reviews will have a full review of McAfee VirusScan Plus within the week.
McAfee says its mobile software will be available at the end of October and will work only with Windows Mobile devices. Additional compatibility requirements will be posted on the McAfee Web site at that time.
Like worms that have attacked MSN Messenger, AOL IM and Yahoo Messenger in the recent past, a worm is currently attacking Skype IM users. From an infected machine, the virus known as either Ramex.a (Skype) or Pykspa.a (McAfee) or Skipi.a shoots messages with a live link to people on the infected machine's Skype contact list. A JPEG image within the message provides a download link to a file with the SCR extension. Recipients who click on the link are then infected.
Once installed, the worm injects bogus entries into the computer's HOSTS file so that security software cannot update itself. The worm may also add applications to the list of approved programs that work with Skype. More sinister, one of the installed programs attempts to steal sensitive information from the infected machine.
Skype users are advised to be wary when opening links sent by instant messaging. Most antivirus programs will now protect Skype users from infection.
Earlier I had a trilogy of postings about DropMyRights (Part 1, Part 2 and Part 3) that included the warning to run Microsoft Office applications in restricted mode in case a file (Word document, Excel spreadsheet, etc.) carried a virus or some other type of malicious software.
But what do you do if a Word document or Excel spreadsheet doesn't display or work properly when the application is run in restricted mode? A decision needs to be made whether to trust the file and open it in unrestricted mode.
If the file was sent to you by e-mail, you'll no doubt be tempted to judge it based on the person who sent the message. Don't.
For one thing, you can't trust that the reported sender of an e-mail message is the actual sender. It is trivially easy to forge the From address in an e-mail message. And even if the message really did come from the person in the From address, and you trust that person, you still should not assume the file is safe. The sender's computer could be infected with malicious software that sent the e-mail message on its own, without human involvement. But what if the trusted person actually sent the file on purpose? It still could be infected with malware without him or her knowing it.
What to do?
The safest thing, of course, is to delete the file. But if you want or need to use it, then I suggest using the Virus Total and/or Jotti Web sites. Each site lets you upload a file to be scanned by multiple antivirus programs.
The last time I used Virus Total, a free service from Hispasec Sistemas, it scanned my suspicious file with 29 different programs. The list included popular antivirus software from Symantec, Kaspersky and Clam, some less well-known products such as NOD32, Avast and Panda, and a host of products that I had never heard of such as DrWeb, Ikarus and TheHacker. That's the good news.
The bad news is that there probably won't be a consensus opinion. Each time I submitted something suspicious to Virus Total, the results were all over the map. For example, in this screenshot from July 10, you can see that 7 of the 29 programs felt the file was malicious. Democracy is great in other contexts, but here, I'd rather be safe than sorry.
The Internet has been abuzz lately claiming we are in the 25th year of the computer virus. And while many people believe a 15-year-old created the first virus in 1982, I'm not so quick to agree.
After digging through some Web sites offering insight into the history of the computer virus, only one thing is constant: Elk Cloner was not the first. Although some publications are claiming the poetic Elk Cloner virus was first, a host of viruses were ravaging computers in the 1970s.
The world's first generally accepted computer was created by Charles Babbage and while many things are uncertain about its design, one thing is not: no viruses infected it.
But if we fast-forward to the 1970s, the world's first computer virus actually sprang up. Called the Creeper virus, it was first detected on ARPAnet--a U.S. military computer network that was the forerunner of the modern Internet. According to Viruslist, the virus was written for the Tenex operating system and was capable of independently gaining access through a modem and copying itself to a remote system. Once infected, the system would display the following message: "I'M THE CREEPER: CATCH ME IF YOU CAN."
To disable the Creeper virus, a new virus called the Reaper was created. Unlike the Creeper, the Reaper virus spread to networked machines looking for Creeper. If it was found, Reaper would immediately delete it. Regardless of its beneficial actions, who can argue that a program replicating itself to networked computers to delete files isn't a virus? Not me.
If you still don't believe me, a new virus called Rabbit infected computers in 1974. Although it was originally harmless, it replicated itself to other machines so quickly that once it hit critical mass, the system performance would slow to a crawl and eventually, the virus would crash. Hmm, sounds like a virus to me.
As if you needed more evidence to prove this isn't the 25th anniversary of the computer virus, 1975 ushered in one of the most legendary viruses ever: Pervading Animal. Created for the Univac 1108, it came from a man named John Walker, who found a new way of distributing game files. The game, called Animal, was a self-learning variation of 20 questions that required you to simply "think of an animal." Insistent on putting an end to mailing the game out, Walker coded a virus called Pervade that was called by any program on the system and copied itself to every directory the user had access to without the user's knowledge.
Pervading Animal is one of the most debated viruses today. Some analysts argue that it was an unintentional byproduct of a man trying to make his life a little easier, while others claim intent has nothing to do with deciding whether a program is a virus. I judge a virus on what it does. In this case, the program replicated itself quietly behind the scenes and worked its way into every inch of the system. Pervading Animal was a virus.
While Elk Cloner was truly a virus, it was not the first. And although people like to anoint tags to this or that, recognizing the first virus as having occurred 25 years ago is simply incorrect. The sad fact is we are embarking upon more than 30 years of viruses, not 25. And while the early versions may have been a bit rudimentary, each was a virus nonetheless.
Move over Elk Cloner, you're too late.
Don Reisinger is a technology columnist who has written about everything from HDTVs to computers to Flowbee Haircut Systems. Don is a member of the CNET Blog Network, and posts at The Digital Home. He is not an employee of CNET. Disclosure.
Avian flu on Google Earth
(Credit: Ohio State University)
Biomedical researchers wanted to get a good look at the avian flu virus. And they did not turn to a super microscope. They used Google Earth instead. With Keyhole Markup Language on Google Earth scientists were able to trace the course of the disease over the past decade.
The Google Earth project animates the spread of avian flu virus. In addition the data contains information on all known strains of the evolving flu virus plus all its host organisms. So far avian flu has not proven highly contagious among humans with fewer than 300 known cases worldwide. However, medical research is watching the virus's spread and evolution.
To check out the virus virtually, you need Google Earth downloaded. Then copy this link into your browser.





