1,024-Bit Encrypting Malware Rendered Useless by Freeware Tool

Courtesy of Kaspersky

By Marius Oiaga, Technology News Editor

17th of June 2008, 14:33 GMT

A freeware file recovery tool is enough to render useless an otherwise unbreakable piece of malware that is designed to encrypt files on compromised computers with a 1,024-bit RSA algorithm and hold them captive until the user agrees to pay the attacker for the decrypting tool. Detected as Win32/Gpcode.G by Microsoft, Trojan.Gpcoder by Symantec and Gpcode.ak by Kaspersky, the malicious code is a ransomware Trojan. Kaspersky Labs acknowledged that breaking the actual encryption is not possible, but that with a 71.2 KB freeware application dubbed StopGpcode, all the encrypted files can be recovered without problems.

"The trojan encrypts all user files (for example, with extensions .txt, .doc, .jpg, .pdf, .chm, .htm, .cpp, .h amongst others) on the infected computer. The encrypted files are saved by appending '_crypt' to the original file name whilst the original files are permanently deleted," said Dan Nicolescu, from the Microsoft Malware Protection Center.

This is precisely the weak point of the Gpcode trojan: the deleted files can be successfully recovered, provided that the hard drive has not been modified since the infection. Russian-based antivirus maker Kaspersky identified a possible solution in the free PhotoRec utility, built by Christophe Grenier. For the time being, the utility delivered by Kaspersky does provide a way to recover encrypted files from compromised computers, but end users should still take precautions, because the 1,024-bit encryption is virtually unbreakable given the financial resources and time that decrypting it would require.

"The PhotoRec utility performs the function of recovering files on a selected partition remarkably well. However, restoring the exact file names and paths remains a problem. To address this issue, Kaspersky Lab has developed a small free utility, StopGpcode (ZIP file, 71.2 KB), which restores original file names and the full paths of the files recovered," a member of Kaspersky Labs noted.

Kaspersky StopGpcode is available for download here.
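An added example, not part of the original article and not Kaspersky's tool: a read-only Python inventory of files carrying the `_crypt` suffix described above, listing which original paths are gone so a responder knows what to look for in recovered output. The function names and the sample directory tree are assumptions constructed for illustration.

```python
import os
import tempfile
from collections import Counter

SUFFIX = "_crypt"  # marker the article says is appended to encrypted copies


def inventory(root):
    """Return one record per '*_crypt' file found under root (read-only walk)."""
    records = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if not name.endswith(SUFFIX) or name == SUFFIX:
                continue  # not an encrypted copy, or no original name to infer
            original = name[: -len(SUFFIX)]
            enc_path = os.path.join(dirpath, name)
            orig_path = os.path.join(dirpath, original)
            records.append({
                "encrypted": enc_path,
                "original": orig_path,
                "ext": os.path.splitext(original)[1].lower(),
                "size": os.path.getsize(enc_path),
                # True means the plaintext is still on disk and needs no recovery.
                "original_present": os.path.exists(orig_path),
            })
    return sorted(records, key=lambda r: r["encrypted"])


def to_recover(records):
    """Original paths that are gone and must be sought in recovered output."""
    return [r["original"] for r in records if not r["original_present"]]


def by_extension(records):
    """Count affected files per original extension to gauge the impact."""
    return Counter(r["ext"] for r in records)


def demo():
    # Constructed sample tree: two encrypted copies, one surviving original,
    # and one unrelated file that must be ignored.
    with tempfile.TemporaryDirectory() as root:
        os.makedirs(os.path.join(root, "docs"))
        for rel in ("docs/report.doc_crypt", "docs/notes.txt_crypt",
                    "docs/notes.txt", "photo.jpg"):
            with open(os.path.join(root, *rel.split("/")), "wb") as fh:
                fh.write(b"x" * 16)
        recs = inventory(root)
        missing = [os.path.relpath(p, root).replace(os.sep, "/")
                   for p in to_recover(recs)]
        return missing, dict(by_extension(recs))
```

Because recovery depends on the drive not being modified since the infection, a script like this is best run against a read-only mount or a forensic image, with its output written to a different volume.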

© Copyright 2001-2008 Softpedia