Robert Hensing's Blog

Software Security . . . and stuff.

Freeware un-delete software pwns fancy schmancy 1024 bit encrypting malware?


Seems the miscreants behind the GPCode.ak (<-- picture of message user sees, poor English wording and all) malware finally picked up a copy of 'Applied Cryptography' or the 'Handbook of Applied Cryptography' and coded up a version of their malware that didn't suck.  And it was promptly pwnd by Kaspersky because of a design flaw in the malware that the authors seemingly didn't think about. :)  I'm glad the average miscreant doesn't do design reviews, threat modelling or data-flow diagrams. :)

Anyhoo - it seems that the lack of a native 'secure file delete' function in Windows is a double-edged sword - it can hurt you or help you: http://www.kaspersky.com/news?id=207575654

Now that this is all over the news - I'm sure v.next of this ransomware will "fix the glitch" by zeroing the deleted file or something . . . speaking of which, here's an interesting new feature in Vista / WS2008 that I recently became aware of: http://msdn.microsoft.com/en-us/library/aa964911.aspx

Comments
  • Recently there has been a lot of talk about the new version of GPCode. It got attention partly because of an initiative by Kaspersky, an initiative that (at least according to widespread reports) was aimed at breaking the RSA key used for encryption
