Sneaky Blackmailing Virus That Encrypts Data
BaCa writes "Kaspersky Lab found a new variant of Gpcode which encrypts files with various extensions using an RSA encryption algorithm with a 1024-bit key. After Gpcode.ak encrypts files on the victim machine, it changes the extension of these files to ._CRYPT and places a text file named !_READ_ME_!.txt in the same folder. In the text file the criminal tells the victims that the file has been encrypted and offers to sell them a decryptor. Is this a look into the future where the majority of malware will function based on extortion?"
Question is, does the encryptor rewrite the data in-place, or just encrypt to a new file then delete the original? If the latter, the data is still recoverable with a simple undelete utility.
Do people still keep stuff in "My documents"? Ya'd think that after all of the very public worms, viruses, malware, and phoning-home that people would learn to make their own "My Stuff" folder (if not regularly back up and/or encrypt their important data).
...the Casino Virus. Perhaps because of the similar concept of "holding data hostage".
The virus takes your FAT and stores it in RAM. Then lets you play a slot-machine game. If you win, you get your data back. If you lose, you lose your data. Some other combination of characters (in the slot machine) gives you the virus-writer's phone number.
Vivin Suresh Paliath
http://vivin.net
I like
I thought of a virus along this line, but slightly different. What it would do is encrypt the data, decrypt on the fly until it is time to demand payment. All backups would have been encrypted too, if you have the correct hooks into the OS. I never tried it, since the dark side has a strong pull.
Fight Spammers!
But there are shortcuts to factorization. I.e., if a long number ends in 0 or 5, it is divisible by 5. If the digits add up to 9, it is divisible by 9, etc. There may be similar but far more obscure shortcuts for larger primes.
Now, I am not a cryptanalyst or mathematician, and I'm not clear on how RSA works, so bear with me. Suppose I were to generate a list of prime numbers. This only has to be done once. Now suppose I take each prime and multiply it by every other prime on the list. Now if there are n primes, there are going to be n^2 products. Let's say we only store the last ten digits of the product, along with which primes generated it. There's only going to be a handful of primes whose product gives those same last ten digits. So, if the RSA depends on being able to decide which primes a large number is composed of, then would I not just have to take the last ten digits of the large number, look up in my table to find the handful of primes that could multiply out to that, and just check those?
When our name is on the back of your car, we're behind you all the way!
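The lookup table proposed in the comment above, built at small scale so the size of each bucket can be measured; this is an added example, not part of the original thread. It assumes 4-digit primes and a 3-digit suffix in place of RSA-sized primes and ten digits, and all function names and sample values are constructed for illustration.

```python
from collections import defaultdict
from itertools import combinations_with_replacement

def primes_between(lo, hi):
    """Primes p with lo <= p < hi, via a sieve of Eratosthenes."""
    sieve = bytearray([1]) * hi
    sieve[0:2] = b"\x00\x00"
    for i in range(2, int(hi ** 0.5) + 1):
        if sieve[i]:
            sieve[i * i::i] = bytearray(len(range(i * i, hi, i)))
    return [p for p in range(lo, hi) if sieve[p]]

def build_table(primes, digits):
    """Key: last `digits` decimal digits of p*q. Value: every pair giving that key."""
    mod = 10 ** digits
    table = defaultdict(list)
    for p, q in combinations_with_replacement(primes, 2):
        table[(p * q) % mod].append((p, q))
    return table

def candidates(table, n, digits):
    """Pairs the table offers for n; each still needs a trial multiplication."""
    return table.get(n % 10 ** digits, [])

def factor_with_table(table, n, digits):
    """Check the bucket's pairs one by one; returns (pair, pairs_tested)."""
    for tested, (p, q) in enumerate(candidates(table, n, digits), start=1):
        if p * q == n:
            return (p, q), tested
    return None, len(candidates(table, n, digits))

if __name__ == "__main__":
    DIGITS = 3                            # constructed: 3 digits instead of ten
    primes = primes_between(1000, 10000)  # constructed: 4-digit primes only
    table = build_table(primes, DIGITS)
    n = 1009 * 9973                       # constructed sample modulus
    pair, tested = factor_with_table(table, n, DIGITS)
    total = sum(len(v) for v in table.values())
    print(f"{len(primes)} primes, {total} pairs, {len(table)} buckets")
    print(f"bucket for n={n}: {len(candidates(table, n, DIGITS))} pairs")
    print(f"recovered {pair} after testing {tested} pairs")
```

The number of buckets is fixed by the digit count, while the number of pairs grows with the square of the number of primes, so the pairs per bucket grow with the size of the prime list.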
Anyone heard about Onehalf? We're talking something like 1992-94 IIRC. :)
If my memory serves me right even further, the virus is from Kosice, Slovakia. It spread quite quickly (even though there was essentially no Internet at that time in Slovakia) but later on, I believe ESET produced a utility to detect it and clean it up. Nice thing was, that it did not need to boot from clean boot floppy in order to do the clean-up (which was quite unusual at that time).
Funny thing then was, that a few months later, as we thought that Onehalf is - thanks to that utility - dead and old news, story came from USA that Onehalf reached there and that after a lot of trouble Norton was able to detect it. But not clean it. What a joke. If we'd had email, we would happily mass-mail that ESET's anti-Onehalf utility to every one.
Maybe further info: ESET's One Half entry.
hany
Banking in Nigeria is not significantly less reputable than anywhere else.
The problem with Nigerian scams is because there are a lot of Nigerians, and a significant fraction of them do not trust random people they don't know from Adam (or in some cases, members of their own family) and think that "europeans" must be a bunch of illiterate cretins if they are willing to believe things they read in random e-mails from strangers, and hence deserve to be scammed.
The main factor in Nigerian fraud, is that part of the Nigerian population that believe that God created cretins so they could be scammed. Not a very Christian belief:
Yes, it's true, Christianity would stop Nigerian scams - send more missionaries :-)
Yes, I have been to Nigeria.
Sent from my ASR33 using ASCII
Oh, that last part about Christianity WAS funny, considering
However, I'd say depicted Nigerian attitude combined with wealth is a bit concerning matter: Of Guns, Germs (, Presumptuousness) and Steel, they seem to just lack a lot of steel to become yet another global PITA.