anon
06.06.08, 22:44
We've detected a new variant of Gpcode – a dangerous file-encryptor. It encrypts a whole variety of user files, targeting files with extensions such as DOC, TXT, PDF, XLS, JPG, PNG, CPP, H etc. If you're a regular visitor to Viruslist, you might remember reading about Gpcode a couple of years ago.
We recently started getting reports from infected victims, analysed a sample, and added detection for Gpcode.ak to our antivirus databases yesterday, on June 4th. However, although we detect the virus itself, we can't currently decrypt files encrypted by Gpcode.ak – the RSA encryption implemented in the malware uses a very strong, 1024 bit key.
Viruslist.com - Analyst's Diary (http://www.viruslist.com/en/weblog?weblogid=208187524)
gpcode was that virus that encrypted your stuff and asked you to buy a decrypter from the authors to get the data back... :icon_angry[1]:
edit: now that I think of it, why doesn't Kaspersky just disguise as an infected user, buy the decrypter, then reverse-engineer it and release a fix? :tongue: