Malware authors are getting sneaky again, in the latest turn of events they have started encrypting your files and holding them at ransom!

You have to pay up to get the ‘decryptor’ and get access to your files again. This is pretty dangerous…and cunning too. It’s not easily broken either, they are using RSA 1024-bit encryption!

Kaspersky Lab found a new variant of Gpcode, a dangerous encryptor virus has appeared, – Virus.Win32.Gpcode.ak. Gpcode.ak encrypts files with various extensions including, but not limited, to .doc, .txt, .pdf, .xls, .jpg, .png, .cpp, .h and more using an RSA encryption algorithm with a 1024-bit key.

Kaspersky Lab succeeded in thwarting previous variants of Gpcode when Kaspersky virus analysts were able to crack the private key after in-depth cryptographic analysis. Their researchers have to date been able to crack keys up to 660 bits. This was the result of a detailed analysis of the RSA algorithm implementation. It has been estimated that if the encryption algorithm is implemented correctly, it would take 1 PC with a 2.2 Ghz processor around 30 years to crack a 660-bit key.

It’s pretty smart going after the files that users are most likely to value, I was surprised to see .cpp and .h in there, but I guess the malware being written by programmers they would see those files as valuable too.

I wonder if Kasperky will be able to bust open this 1024-bit private key, so far they haven’t and honestly – I’m not hopeful.

At the time of writing, Kaspersky researchers are unable to decrypt files encrypted by Gpcode.ak since the key is 1024 bits long and they have not found any errors in implementation yet. Thus, at the time of writing, the only way to decrypt the encrypted files is to use the private key which only the author has.

After Gpcode.ak encrypts files on the victim machine it changes the extension of these files to ._CRYPT and places a text file named !_READ_ME_!.txt in the same folder. In the text file the criminal tells the victims that the file has been encrypted and offers to sell them a decryptor.

So watch out (not that I need to tell you guys) and make sure your non-savvy friends understand the dangers of surfing carelessly and downloading nonsense without checking the source properly.

Having your important files end up in an encrypted container isn’t pretty…yes you could have some back-up system in place, but what’s the chance of you spotting the files before your backup runs? After that you are just backing up the encrypted files anyway..

Source: Net Security

Ah this is almost like Ransomeware again, messing up your machine then extorting money from you.

Make sure you educate your non tech savvy relatives about such threats, spyware, adware, trojans and worm type viruses. Education is THE most powerful defence against malware and computer security incidents.

Some simple patching, a free Antivirus protection like Avast! Using Firefox or Opera and most people will be safe with a little education.

A new spyware program that lures computer users by claiming to give free access to pornographic Web content ends up by “blackmailing” them into purchasing a program to clean the infection, a security firm said.

US-based Panda Software said the program called DigiKeyGen generates passwords that supposedly enable users to access to pornographic websites.

At the same time, a spyware program and an alleged anti-spyware application are installed on a computer without the users’ knowledge, Panda said.

Ah the age old adage of free porn, won’t people learn? There’s no such thing as a free lunch, if it’s too good to be true…ITS NOT TRUE!

Porn does power the Internet though, that’s another matter entirely..

These guys say basically the same thing.

“You must always be suspicious of offers for something in exchange for almost nothing,” said Luis Corrons, director of Panda Software Labs, noting that the technique is not new.

“Cybercrime, which aims to make easy money, simply applies traditional fraud techniques to the Internet and as a result, anybody tempted by the chance to get something for nothing is taken in, unaware of the risks of apparently harmless actions, such as downloading small programs or accessing certain websites.”

In a separate security warning, Sophos Labs warned Tuesday that a security alert claiming to be from Microsoft is in fact a “trojan” that steals passwords.

It seems to never end.

Source: Yahoo! News