The infamous Gpcode 'ransomware' virus that hit computers in July was the work of a single person who is known to the authorities, a source close to the hunt for the attacker has told Techworld.
The individual is believed to be a Russian national, and has been in contact with at least one anti-malware company, Kaspersky Lab, in an attempt to sell a tool that could be used to decrypt victims' files.
Initially skeptical, the company was able to verify that the individual was the author of the latest Gpcode attack -- and probably earlier attacks in 2006 and 2007 -- using a variety of forensic evidence, not least that he was able to provide a tool containing the RC4 key able to decrypt the work of the malware on a single PC.
The 128-bit RC4 keys, used to encrypt the user's data, are unique for every attack. The part that had stymied researchers was that this key had, in turn, been encrypted using an effectively unbreakable 1024-bit RSA public key, generated in tandem with the virus author's private key. But the tool did at least prove that the individual had access to the private 'master' key and must therefore be genuine.
Kaspersky Lab set about locating the man by resolving the proxied IP addresses used to communicate with the world to their real addresses. The proxied addresses turned out to be zombie PCs in countries such as the US, which pointed to the fact that Gpcode's author had almost certainly used compromised PCs from a single botnet to get Gpcode on to victims' machines.
Complete Internet security protection with anti-virus, anti-spyware, anti-phishing, anti-spam and anti-hacker technologies. Plus parental controls and virtual keyboard, perfect for home or small office.
Key Technologies of the Internet Security 2009
Protects from viruses, Trojans, worms, spyware, adware
Scans files, email, and Internet traffic
Protects instant messengers
Protects from unknown threats
2-way Personal Firewall
Safe Wi-Fi and VPN Connections
Intrusion Prevention System
Configuration and Privacy Tools
Cleans traces of user activity
Application Filter: Access to user resources and data is restricted for risky applications
Vulnerability scanning for operating system and installed applications
Analyzes and closes Internet Explorer vulnerabilities
Disables links to malware sites / phishing sites
Global Threat Monitoring (Kaspersky Security Network)
Virtual keyboard for safe entry of personal data
Blocks all types of Keyloggers
Parental Controls
Blocks unwanted web banners
Automatic database updates
Free technical support
Whitelisting
Functionality of the Internet Security 2009
Hourly updates and fastest response times ensure you benefit from the industry's most up-to-date protection.
New - Advanced anti-virus engine delivers the industry's fastest scan times (Passmark Security, June 2007). Saves time and improves performance.
New - Configuration and privacy tools are designed to help you protect yourself.
Intrusion Protection System and 2-way firewall protect you from hackers; protect your privacy.
Protects you from the phishing and malware sites that you wouldn't otherwise know were attempting to steal from you.
Parental controls filter, block, or report inappropriate content. Limit Internet time to hours and amounts that you set.
Kaspersky Security Network allows your computer to report when it discovers a threat that hasn't been seen before. All 250 million Kaspersky users benefit from our combined k