Kaspersky Lab publishes the story of its encounter with a blackmailer virus writer

26 Jun 2006
Virus News

Kaspersky Lab virus analysts discuss their experiences in dealing with the author of the Gpcode virus

User blackmail technology is gaining popularity among virus writers. For example, the latest outbreak, which hit the Russian Internet a short while ago, uses the Gpcode “blackmailer virus” to extort money from users. Kaspersky Lab virus analysts published a description of their encounter with the author of the Gpcode virus in a new article, which can be found at Viruslist.com.

Aside from the fascinating plot, this story is interesting because it once again demonstrates that despite all the warnings and requests made by information security experts, users are surprisingly careless when it comes to protecting their PCs and securing their sensitive information.

For example, Kaspersky Anti-Virus blocked the blackmailer’s attack at all stages of the malicious program’s attempts to penetrate a PC, including from the moment the spam message containing the malicious attachment was received. It did so without requiring the latest antivirus and spam updates: the records used to intercept most Gpcode modifications were added as early as January 2006.

Consequently, users whose antivirus protection was running were protected from the penetration of the “blackmailer virus” and the subsequent encryption of their data.

“During the past year, antivirus companies have come across other malicious code which is used to blackmail users. Two examples are Cryzip and MayArchive, which in 2006 infected users in the US and Great Britain. Both of these programs archive files using an unknown password, and cracking the password is as difficult as cracking Gpcode’s encryption algorithms. These programs demonstrate that using malicious code to blackmail users is not a purely Russian phenomenon,” says Alexander Gostev, a leading Kaspersky Lab virus analyst. “They also demonstrate that it’s essential to back up your data regularly. And under no circumstances should money be paid to the author of such malicious programs; users should contact an antivirus company instead, which will be able to help.”

About Kaspersky Lab

Kaspersky Lab (www.kaspersky.com) develops, produces and distributes secure content management solutions that protect customers from IT threats. Kaspersky Lab's products protect both home users and corporate networks from viruses, spyware, adware, Trojans, worms, hackers and spam. For many years now, the company has waged a battle against malicious programs, and in doing so has gained unique knowledge and skills that have resulted in Kaspersky Lab becoming a technology leader and acknowledged expert in the development of secure content management solutions. Today, Kaspersky Lab's products protect more than 200 million users worldwide and its technology is licensed by leading security vendors globally. To find out more about Kaspersky Lab, visit www.kaspersky.com.