Tuesday, August 12, 2008

New Version of Gpcode on the Loose

Kaspersky reports on its blog about a new variant of Gpcode. This version is currently being spread via a botnet whose name is withheld for security purposes.

Gpcode leaves a text file named crypted.txt which includes a ransom demand of $10. The file also contains the author's contact details: an email address, an ICQ number and a URL. In addition to encrypting files and leaving the message, Gpcode changes the desktop wallpaper to a giant red skull and crossbones on a white background (screenshot).

The ransom shouldn't be paid, since paying encourages the author to produce new variants. Also, the author's details about the encryption algorithm used can't be verified at this point. Kaspersky's analysts are analyzing the variant to find a way to crack the encryption and restore files. Meanwhile, victims of the latest Gpcode variant are advised to attempt to restore their files using the methods described here. Some victims have reported that the method does partially restore encrypted files.

Gpcode victims are instructed to contact Kaspersky at stopgpcode at kaspersky dot com and to watch the blog for new updates on the matter.
