Slashdot Mirror
Extortion Virus Code Cracked
Billosaur writes "BBC News is reporting that the password to the dreaded Archiveus virus has been discovered and is now available to anyone who needs it. Archiveus is a 'ransomware' virus, which combines files from the My Documents folder on Windows machines and exchanges them for a single, password-protected file, which it will not unlock unless a password is given. The user would normally be required to pay the extortionist money in order to receive the password, but apparently the virus writer made one small, critical error in coding: placing the password in the code. BTW, the 30-digit password locking the files is mf2lro8sw03ufvnsq034jfowr18f3cszc20vmw."
Odd how that "30 digit password" has 38 characters, 13 of which are digits.
Don't blame me; I'm never given mod points.
Strike anyone else as odd that the BBC (et al.) ran this story big time - made the world service - on the same day that Microsoft announced their all in one security suite, that, by coincidence, protects against such virus'?
"[Regarding the 'cloud,'] ownership was what made America different than Russia." -- Woz
You are absolutely wrong. PKI was designed with the purpose of preventing man-in-the-middle attacks. The virus writer would include the public key in the virus with an associated encryption algorithm. The problem arised with decryption. In order to decrypt a file you would need an associated private key. Now if this key is available inside the virus it would be just as easy to find as the password within the article.
In fact the whole idea of cryptography revolves around the encryption algorithm telling you nothing about a method to decrypt the data it encrypts (At least without a certain key). These are called trapdoor one-way functions.
The most realistic way I can think of writing such a virus would be to provide and encryption algo in the virus and then provide a decryption program when the intended victim has paid you the money. Now aren't you glad I'm not writing viruses?
There seems to be one glaring problem with the idea of ransomware:
Eventually you're gonna piss off the wrong person.
Imagine the DoD or the CIA getting hit with this. They lookup the registar of the sites you are supposed to buy the drugs from. They then go visit that registar's main office (borders, what borders? we're the CIA, we've never paid attention to soviernty in the past.). They politely ask the registar to hand over all information on the person paying for the domain name (for the definition of polite which involves pointing guns at and kicking people in the head). Once they know who is paying for the web sites (credit info/check info), they visit that person and politely ask for the password to unlock the virus (same definition of polite).
If it's the DoD which gets hit, replace CIA with a Navy SEAL team.
Necessity is the mother of invention.
Laziness is the father.
The fact the LE is good at following money doesn't mean they're actually interested in doing it in the cases you care about.
As a loyal slashdot member, I had not bothered to read the article before posting. I actually did go back and read it, and you'll never guess how the ransom is paid. The victims are asked to go buy drugs at one of three online "pharmacies". Curious, eh?
The quote above, "no-one writes jokes in base 13" is a quote from DNA himself, upon hearing this theory about the question on a newsgroup, I believe.
im in ur
Unfortunately, you cannot use it. To do so would be to circumvent an effective access control method. That, in turn, would put you in violation of the DMCA.
I'm not joking. I'm serious. You are breaking the law if you use this code without having gotten it from the virus writer. Draw your own conclusion about the DMCA from that.
I'm not a lawyer. This is not legal advice.
Forget magic. Any technology distinguishable from divine power is insufficiently advanced.