Ethical Hacker Community Forums
September 05, 2008, 12:27:20 PM *
Author Topic: Blackmail Trojan  (Read 2088 times)
oneeyedcarmen
« on: June 12, 2008, 09:10:00 AM »

Evil geniuses came up with this one...bet they even have sharks with frickin' laser beams

From The Inquirer

Quote
Blackmailing Trojan encrypts hard-drive
Kaspersky Lab asks for help cracking it

By Nick Farrell: Wednesday, 11 June 2008, 8:06 AM


 KASPERSKY Lab has asked the world, plus dog, to help it crack the key to a Trojan that encrypts your hard drive and then demands cash for the key.

Gpcode has been used in isolated "ransomware" attacks for the last two years. The latest version encrypts all .bak, .doc, .jpg and .pdf and deletes the originals. It then erases itself after leaving a message about where to buy a decryption tool.

Kaspersky said that the files the malware encoded cannot be decrypted because it uses a very strong, 1024-bit key.

The insecurity outfit estimates it would take around 15 million modern computers, running for about a year, to crack such a key.

The company has broken Gpcode's encryption keys in the past, but that was only because the malware's maker had made mistakes implementing the encryption algorithm. µ




MCP, Security+, Associate (ISC)2
RoleReversal
« Reply #1 on: June 12, 2008, 10:02:41 AM »

Seems like a variation on a theme; if you've got backups then you shouldn't have a problem (you do have backups, don't you?).

IMO this should be an easy one for authorities, follow the money.

A little bit of sanity:
http://www.infosanity.co.uk
Kev
« Reply #2 on: June 12, 2008, 08:31:16 PM »

Actually, depending on where the money is going, it can be hard to track. Well, I mean track to the final source. You transfer the money through a few sources and then end up in an unfriendly country and it amazingly disappears. I just hope most people will not be so naive as to assume that just sending money to buy this decryption tool will correct their problem.
g00d_4sh
« Reply #3 on: June 13, 2008, 03:44:03 PM »

Reminds me of a conference I was just at.... where they suggested using 'losing' of encryption keys for documents as a method for 'destroying' the documents as per a life-expiration thing. I chuckled at the idea, but this reminds me of it for some reason. Nonetheless, yeah, I have heard of this before.

"Bad.. Good?  I'm the guy with the gun"
divine
« Reply #4 on: June 20, 2008, 05:03:41 PM »

It is not too hard to hide the trail of money these days... especially if you can move it through some particular foreign countries that make retrieving data VERY difficult. I am not going to get into detail because I don't want to give a tutorial on how to do this and get away clean but let's just say that foreign commodities are a great way to leave a dead end. Use your imagination from there...

My co-workers and I were actually called in on an investigation where this happened to an executive of a child company of ours. Lucky for us, this version of ransomware used rot13 and not a 1024-bit key, which would have sucked for us considering local IT had not implemented backups for their executives' laptops....

-Jordan

-Jordan
CEPT, CREA, C|EH, MCSE:Security (too many others that I don't care about to list)