Friday, August 15, 2008

New Gpcode Variant Not As Dangerous As Earlier Variants

On Tuesday I blogged about Kaspersky's report of a new Gpcode variant. Closer analysis has shown it to be less dangerous than its predecessors. "The claims made by the author about the use of AES-256 and the enormous number of unique keys were a bluff. The author didn't even use a public key in encryption, so all the information needed to decrypt files is right there in the body of the malicious program," Kaspersky's blog says.

Kaspersky's analysis shows that the Trojan uses the 3DES algorithm, and that the author dug up an off-the-peg Delphi component rather than going to the trouble of writing his own encryption routine. The Trojan's code is also quite messy, which suggests the author isn't much of a programmer.
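To make Kaspersky's point concrete, here is an added Go example (not code from Kaspersky, from the Trojan, or from this post) modelling a symmetric-only scheme: a 3DES key and IV sit inside a constructed, hypothetical program image, so a recovery tool can read them out and decrypt files without any secret held by the attacker. The `KEY=` marker and the image layout are assumptions made for the example.

```go
package main

import (
	"bytes"
	"crypto/cipher"
	"crypto/des"
	"errors"
	"fmt"
)

// Constructed stand-in for the Trojan's body: 24-byte 3DES key and 8-byte IV in the clear behind a marker (hypothetical layout).
var trojanImage = []byte("..code..KEY=0123456789abcdefghijklmn8byteIV!..code..")

// extractKey reads the hard-coded key and IV straight out of the program image.
func extractKey(image []byte) (key, iv []byte, err error) {
	i := bytes.Index(image, []byte("KEY="))
	if i < 0 || len(image) < i+36 {
		return nil, nil, errors.New("embedded key not found")
	}
	return image[i+4 : i+28], image[i+28 : i+36], nil
}

// encryptFile models the Trojan's scheme: 3DES-CBC under the fixed key, PKCS#7 padded.
func encryptFile(key, iv, plaintext []byte) []byte {
	block, _ := des.NewTripleDESCipher(key) // key is always 24 bytes here
	n := des.BlockSize - len(plaintext)%des.BlockSize
	padded := append(append([]byte{}, plaintext...), bytes.Repeat([]byte{byte(n)}, n)...)
	ct := make([]byte, len(padded))
	cipher.NewCBCEncrypter(block, iv).CryptBlocks(ct, padded)
	return ct
}

// recoverFile needs only the program image and the encrypted file; a public-key scheme would keep the private key off the victim's machine.
func recoverFile(image, ciphertext []byte) ([]byte, error) {
	key, iv, err := extractKey(image)
	if err != nil || len(ciphertext) == 0 || len(ciphertext)%des.BlockSize != 0 {
		return nil, errors.New("no embedded key, or ciphertext is not whole blocks")
	}
	block, _ := des.NewTripleDESCipher(key) // length already fixed by extractKey
	pt := make([]byte, len(ciphertext))
	cipher.NewCBCDecrypter(block, iv).CryptBlocks(pt, ciphertext)
	if pad := int(pt[len(pt)-1]); pad >= 1 && pad <= des.BlockSize {
		return pt[:len(pt)-pad], nil
	}
	return nil, errors.New("bad padding: wrong key or corrupted file")
}

func main() {
	key, iv, _ := extractKey(trojanImage)
	fmt.Println(recoverFile(trojanImage, encryptFile(key, iv, []byte("report.doc contents"))))
}
```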

Kaspersky names this new Gpcode variant Trojan-Ransom.Win32.Gpcode.am. The Trojan was spread by another malicious program, P2P-Worm.Win32.Socks.fe.
