Friday, June 13, 2008

Gpcode Returns

Security company Kaspersky reports on its blog that a new variant of Gpcode has been detected. Gpcode is a dangerous file encryptor that encrypts a wide variety of user files, targeting files with extensions such as DOC, TXT, PDF, XLS, JPG, PNG, CPP and H. The first version of Gpcode was seen in 2006.

Gpcode.ak, as Kaspersky calls it, encrypts files on the infected machine using RSA encryption with a public key embedded in the malware itself. These encrypted files can only be decrypted with the private 1024-bit key, which in this case is in the possession of the author or owner of Gpcode. It is estimated that cracking that key would take 15 million modern computers running for about a year.

Kaspersky recommends enabling all anti-malware components installed on the system, since it is unclear at the moment how the virus spreads.


If the following picture appears on the screen, it is possible that the system has been infected with Gpcode:


In those cases users are advised to keep their systems on and contact Kaspersky (stopgpcode@kaspersky.com) from a clean system, giving details about the infection: the exact time and date the system got infected and what was done during the last 5 minutes before the infection (what programs were run, what web sites were visited, etc.).



To keep people up to date on the situation, Kaspersky has set up a dedicated forum.
