Life Of Navin

Random Musings, Random Bullshit.


Kaspersky Not Afraid of 'Blackmailer'!!

Two days ago, I’d written about the new “blackmailer” virus that has surfaced and is being seen as a serious next-gen virus threat. Now, the Russian antivirus software experts at Kaspersky have launched an international initiative to try to crack the encryption used in the "blackmailer" Gpcode virus.

The company introduced the "Stop the Gpcode Virus" initiative Monday and extended a public invitation to all cryptography experts and other researchers, saying it has sufficient information about the virus to enable experts to begin working on decrypting the 1024-bit RSA key. As I had mentioned in the last post, Kaspersky has also created a special forum for the effort. And finally some posts in English have surfaced. Ideas from the dumb to the brilliant, from "just ask the virus writers nicely" to "try reverse engineering encrypted files to partially decrypt the key, then work on this partially decrypted key to break the code", are doing the rounds in the forum.

The Gpcode Virus, as you probably know by now, essentially encrypts and holds your data hostage until you pay up cash for a decryptor. It encrypts files on the hard drive using an RSA algorithm with a 1024-bit key and leaves a message that advises the victim to buy a decryptor and provides an e-mail address to contact. The virus is rated at "moderate risk."

Kaspersky said that its antivirus detects the new variant but is unable to crack the encryption key and that it has analysts working on that.

The Gpcode Virus was first detected in 2006. The encryption strength grows exponentially the more bits its key has. And with 1024-bit encryption, it is almost an unbreakable code. Even major antivirus companies have accepted this.

People who believe their computers have been infected with the virus are advised not to restart or power down the machines. They should send an e-mail to with details of the infection.

Hope that Good triumphs over Evil as in most fairytales... Not that I’m too hopeful of a happy ending. Gpcode’s writer has proven, perhaps for the umpteenth time, that virus-writers are not n00bs but are serious about what they do.

Two years ago we were able to get the private key by detailed analysis of the data at our disposal. However, the maximum RSA key length we've been able to crack till date is 660 bits. We were able to do this as the author had made some mistakes when implementing the encryption algorithm. -- Kaspersky Lab


