Sneaky Blackmailing Virus That Encrypts Data
BaCa writes "Kaspersky Lab found a new variant of Gpcode which encrypts files with various extensions using an RSA encryption algorithm with a 1024-bit key. After Gpcode.ak encrypts files on the victim machine, it changes the extension of these files to ._CRYPT and places a text file named !_READ_ME_!.txt in the same folder. In the text file the criminal tells the victims that the file has been encrypted and offers to sell them a decryptor. Is this a look into the future where the majority of malware will function based on extortion?"
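The two on-disk indicators named in the summary (the `._CRYPT` extension and the `!_READ_ME_!.txt` note) are enough to scope which folders were touched. The following is an added example, not part of the original post or of any vendor tool; the function names, the "confirmed"/"review" labels and the sample tree are assumptions constructed for illustration.

```python
import os
import tempfile

ENCRYPTED_SUFFIX = "._crypt"     # extension from the summary, compared case-insensitively
RANSOM_NOTE = "!_read_me_!.txt"  # note file name from the summary, lower-cased

def scan_tree(root):
    """Return {relative_folder: {"encrypted": [names], "note": bool}} for
    every folder under root that shows at least one of the two indicators."""
    hits = {}
    for folder, _dirs, files in os.walk(root):
        encrypted = sorted(f for f in files if f.lower().endswith(ENCRYPTED_SUFFIX))
        note = any(f.lower() == RANSOM_NOTE for f in files)
        if encrypted or note:
            hits[os.path.relpath(folder, root)] = {"encrypted": encrypted, "note": note}
    return hits

def classify(entry):
    """Triage label (an assumption of this example, not vendor guidance):
    both indicators together are 'confirmed', a single one needs 'review'."""
    if entry["encrypted"] and entry["note"]:
        return "confirmed"
    return "review"

def build_sample_tree(root):
    """Constructed sample data: empty files that only mimic the naming."""
    layout = {
        "docs": ["report.doc._CRYPT", "budget.xls._CRYPT", "!_READ_ME_!.txt"],
        "photos": ["holiday.jpg"],
        "old": ["!_READ_ME_!.txt"],
    }
    for folder, names in layout.items():
        os.makedirs(os.path.join(root, folder))
        for name in names:
            open(os.path.join(root, folder, name), "w").close()

def demo():
    """Build the sample tree in a temp dir and return {folder: (label, count)}."""
    with tempfile.TemporaryDirectory() as root:
        build_sample_tree(root)
        hits = scan_tree(root)
        return {folder: (classify(e), len(e["encrypted"])) for folder, e in hits.items()}

if __name__ == "__main__":
    for folder, (label, count) in sorted(demo().items()):
        print(f"{folder}: {label}, {count} encrypted file(s)")
```

Run it read-only against a mounted copy of the affected volume so the scan does not alter timestamps on the evidence.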
But were they smart, or stupid? (Score:5, Interesting)
Re:This has been done before (Score:5, Interesting)
Reminds me of... (Score:4, Interesting)
The virus takes your FAT and stores it in RAM. Then lets you play a slot-machine game. If you win, you get your data back. If you lose, you lose your data. Some other combination of characters (in the slot machine) gives you the virus-writer's phone number.
Re:But were they smart, or stupid? (Score:4, Interesting)
In which case the virus writer never gets paid, since his Yahoo email account is probably long disabled by then.
There's no point in delaying extortion. The kind of people who decide to run malware are the same kind of people who don't have any backups, so they're ready to collect from immediately.
But for how long. (Score:3, Interesting)
Re:But were they smart, or stupid? (Score:5, Interesting)
You may think this is just a joke, but when my second college roommate saw me using an unfamiliar operating system, he naturally started asking me about it. "What's it called?" "Red Hat Linux." "How much does it cost?" "Nothing, it's free." He freaked out: "Oh my God, how can that be legal? That could cost Microsoft so much in lost profits! That should really be illegal..."
The worst part? He was a business major, an honest-to-goodness PHB in training...
Lookup Tables (Score:3, Interesting)
Now, I am not a cryptanalyst or mathematician, and I'm not clear on how RSA works, so bear with me. Suppose I were to generate a list of prime numbers. This only has to be done once. Now suppose I take each prime and multiply it by every other prime on the list. Now if there are n primes, there are going to be n^2 products. Let's say we only store the last ten digits of the product, along with which primes generated it. There's only going to be a handful of primes whose product gives those same last ten digits. So, if the RSA depends on being able to decide which primes a large number is composed of, then would I not just have to take the last ten digits of the large number, look up in my table to find the handful of primes that could multiply out to that, and just check those?
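An added example (not part of the comment above or of the original thread) that builds the proposed lookup table at toy scale and then estimates how many entries it would need for a 1024-bit modulus, assuming two 512-bit primes. The bound of 2000, the three-digit key and all function names are assumptions of the example; the prime count uses the prime number theorem approximation.

```python
import math
from collections import defaultdict

def primes_below(limit):
    """Sieve of Eratosthenes: all primes < limit."""
    sieve = bytearray([1]) * limit
    sieve[0:2] = b"\x00\x00"
    for i in range(2, math.isqrt(limit) + 1):
        if sieve[i]:
            sieve[i * i::i] = bytearray(len(range(i * i, limit, i)))
    return [i for i, flag in enumerate(sieve) if flag]

def build_table(primes, digits):
    """Key: last `digits` decimal digits of p*q. Value: every (p, q), p < q."""
    table = defaultdict(list)
    mod = 10 ** digits
    for i, p in enumerate(primes):
        for q in primes[i + 1:]:
            table[(p * q) % mod].append((p, q))
    return table

def factor_by_lookup(n, table, digits):
    """Check only the candidates stored under n's last digits."""
    for p, q in table.get(n % 10 ** digits, []):
        if p * q == n:
            return p, q
    return None

def log2_pair_count(bits):
    """log2 of the number of unordered pairs of `bits`-bit primes, using the
    prime number theorem estimate pi(x) ~ x / ln(x) (an approximation)."""
    ln2 = math.log(2)
    density = 2 / (bits * ln2) - 1 / ((bits - 1) * ln2)
    log2_primes = (bits - 1) + math.log2(density)
    return 2 * log2_primes - 1

if __name__ == "__main__":
    primes = primes_below(2000)          # toy bound, constructed for the demo
    table = build_table(primes, digits=3)
    n = 1997 * 1999                      # toy modulus from two small primes
    print("factors:", factor_by_lookup(n, table, 3))
    print("candidates sharing n's last 3 digits:", len(table[n % 1000]))
    print("table entries:", sum(len(v) for v in table.values()))
    print("log2(entries) for 512-bit primes: %.0f" % log2_pair_count(512))
```

The last digits only index the table; filling it still means enumerating every pair of primes, which for 512-bit primes comes to roughly 2^1004 entries.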
Re:But were they smart, or stupid? (Score:3, Interesting)
Re:But were they smart, or stupid? (Score:2, Interesting)
No thanks. [computerworld.com]
old news - see Onehalf (Score:3, Interesting)
Anyone heard about Onehalf [wikipedia.org]? We're talking something like 1992-94 IIRC. :)
If my memory serves me right even further, the virus is from Kosice, Slovakia. It spread quite quickly (even though there was essentially no Internet at that time in Slovakia) but later on, I believe ESET [eset.com] produced a utility to detect it and clean it up. Nice thing was, that it did not need to boot from clean boot floppy in order to do the clean-up (which was quite unusual at that time).
Funny thing then was, that a few months later, as we thought that Onehalf is - thanks to that utility - dead and old news, story came from USA that Onehalf reached there and that after a lot of trouble Norton was able to detect it. But not clean it. What a joke. If we'd had email, we would happily mass-mail that ESET's anti-Onehalf utility to everyone.
Maybe further info: ESET's One Half entry [www.eset.eu].
Re:Oh please! We all know there aren't any REAL ba (Score:4, Interesting)
Banking in Nigeria is not significantly less reputable than anywhere else.
The problem with Nigerian scams is because there are a lot of Nigerians, and a significant fraction of them do not trust random people they don't know from Adam (or in some cases, members of their own family) and think that "europeans" must be a bunch of illiterate cretins if they are willing to believe things they read in random e-mails from strangers, and hence deserve to be scammed.
The main factor in Nigerian fraud is that part of the Nigerian population that believe that God created cretins so they could be scammed. Not a very Christian belief:
Yes, it's true, Christianity would stop Nigerian scams - send more missionaries :-)
Yes, I have been to Nigeria.
Re:Oh please! We all know there aren't any REAL ba (Score:1, Interesting)
Oh, that last part about Christianity WAS funny, considering
However, I'd say depicted Nigerian attitude combined with wealth is a bit concerning matter: Of Guns, Germs (, Presumptuousness) and Steel, they seem to just lack a lot of steel to become yet another global PITA.
Re:But were they smart, or stupid? (Score:4, Interesting)