Kaspersky Lab announces the launch of Stop Gpcode, an international initiative against the blackmailer virus

09 Jun 2008
Virus News

Kaspersky Lab, a leading developer of secure content management systems, announces the launch of the Stop Gpcode international initiative.

The objective of the initiative is to factor (‘crack’) the RSA-1024 key used in Virus.Win32.Gpcode.ak – the latest version of the dangerous Gpcode blackmailer virus.

The signature for Virus.Win32.Gpcode.ak was added to Kaspersky Lab antivirus databases on June 4, 2008.

Different versions of the Gpcode virus encrypt user files of different types (.doc, .txt, .pdf, .xls, .jpg, .png, .cpp, .h etc.) using a strong RSA encryption algorithm with different key lengths. After encrypting files on a computer, the virus automatically generates a message informing the user that the files have been encrypted and demanding payment for a decryption utility.

Kaspersky Lab succeeded in thwarting previous variants of Gpcode when Kaspersky virus analysts were able to crack the private key after in-depth cryptographic analysis. Kaspersky Lab virus researchers have to date been able to crack keys up to 660 bits.

However, the new version of the virus, Virus.Win32.Gpcode.ak, uses a 1024-bit key. The task of ‘cracking’ the RSA-1024 key is an extremely complicated cryptographic problem.

Kaspersky Lab invites all cryptography experts, as well as governmental and research institutions, other antivirus vendors and independent researchers to join the efforts to solve this problem. The company is prepared to provide any additional information at its disposal and is open to dialog with all experts wishing to participate in the Stop Gpcode initiative. The company has sufficient information about the virus to enable experts to begin working on factoring the RSA key.

To coordinate the activity of all participants of the initiative, we have created a special Stop Gpcode forum, which is located at http://forum.kaspersky.com/index.php?showforum=90.

About Kaspersky Lab

Kaspersky Lab is the largest antivirus company in Europe. It delivers some of the world’s most immediate protection against IT security threats, including viruses, spyware, crimeware, hackers, phishing, and spam. The Company is ranked among the world’s top four vendors of security solutions for endpoint users. Kaspersky Lab products provide superior detection rates and one of the industry’s fastest outbreak response times for home users, SMBs, large enterprises and the mobile computing environment. Kaspersky® technology is also used worldwide inside the products and services of the industry’s leading IT security solution providers. Learn more at www.kaspersky.com. For the latest on antivirus, anti-spyware, anti-spam and other IT security issues and trends, visit www.viruslist.com.