Zipacna

Malware of tomorrow, today!

Gpcode File Restoration

Kaspersky blogged today that it may be possible to decrypt the encrypted files. The RSA private key hasn’t been found yet, if it ever will be, but a detailed analysis of the algorithm Gpcode uses for encryption has shown that the author made an error that makes it possible to decrypt encrypted files without the private key. However, they said that this can only be done under “certain circumstances”, depending on a number of factors, beginning with the system that was attacked. This method should restore from 0% to 98% of all encrypted files on the computer, if restoration is possible at all.

Kaspersky Lab researchers are currently working on creating a file restoration utility that will utilize this new method.

Gpcode propagates onto the victim machine with the help of another malicious program – a bot with Trojan-Downloader functionality. The victim machines had been infected with this malicious program well before Gpcode appeared on them. The bot also downloads a whole range of other Trojan programs in addition to the Gpcode virus.

One Response to “Gpcode File Restoration”

  1. Harvey Says:

    trojan downloader…

    You have got to be kidding!…
