New crypto virus a looming threat

Variant encrypts the victim's data with a strong 1,024-bit algorithm and demands ransom to crack
By Ellen Messmer, Network World, 06/05/2008

A variant of a virus that encrypts the victim's data with a strong 1,024-bit algorithm, so the victim can't unscramble it without paying a ransom, has begun to spread, potentially posing a major threat, according to the antimalware firm that discovered it.

Kaspersky Lab says the new variant of the Windows-based encryptor virus Gpcode, which hasn't been spotted for about 1 ½ years, is more of a threat than it was in the past because this time it is using strong encryption that so far has defied efforts to crack it.

"Up until now, we were able to crack the algorithms," says Roel Schouwenberg, senior antivirus researcher at Kaspersky Lab.

Earlier versions of Gpcode — which first appeared about 3 ½ years ago — used far weaker encryption than what it has today, plus it wasn't well implemented, making it fairly easy to crack, Schouwenberg says.

But Gpcode.AK, with its RSA 1,024-bit encryption, is proving hard to break. He adds that computer users should be making an effort to back up their data vigorously in the face of this new threat.

Gpcode.ak is hard to detect because it attempts to self-destruct after encrypting, according to Kaspersky Lab. So far, only a handful of computers with files that have been maliciously encrypted have been identified. Most evidence about it is originating in Russian-speaking countries, Europe and Africa, he says, but it may be spreading further.

So far, the primary means it uses to spread is unclear, but Kaspersky Lab believes it's a form of "social engineering" that may involve trickery to induce computer users to make use of software they shouldn't.

The text file that the criminals leave tells the victim that the file has been encrypted and offers to sell them a "decryptor." Kaspersky Lab would advise against yielding to blackmailers in any ransomware situation.

Kaspersky Lab says it is continuing to work with others in the antivirus industry to analyze Gpcode.ak further for technical weaknesses, but that users should now be extra careful when opening files and in their Web activity.


Comments (9)

backups
By shokk on June 5, 2008, 9:05 pm
The only thing that can defeat viruses for sure is backups and versioned filesystems. There has been very little good work done here for the consumer, compared...

Backup backup again and test
By Anonymous on June 6, 2008, 6:28 am
The only real protection from this kind of threat is to have backups of everything that matters to you - your photos, your music, the videos of your kids etc - and...

eh
By Anonymous on June 6, 2008, 10:38 am
use linux :)

eh
By Rick on June 6, 2008, 10:52 am
How about summary execution for malware writers and blackhat hackers? That might do it. Computer users have been victimized long enough by those oxygen thieves.

And I thought I was just being paranoid
By Anonymous on June 6, 2008, 4:26 pm
I have CD based backups of most of my data, but since I don't trust them very much, I do at least 3 backups to feel somewhat "safe". After reading about this new...

where can i download linux frm
By DDB on June 8, 2008, 9:04 pm
culd u pls tell me a trusted site where i can download linux frm wit applications to go wit it
