Tuesday, May 31, 2005

A Terrorist Trojan called PGPcoder?

It looks like not only terrorists and kidnappers can take hostages, but trojans too. A trojan called Gpcode (also known as PGPCoder) encrypts a user's files with certain extensions and then asks for a ransom to "free" (decrypt) them. This trojan got some media attention during the past 2 weeks. According to media reports, the authorities are investigating the case.
Luckily, the trojan had a very simple encryption algorithm, so some AV companies were able to create a decryptor for the encrypted files (see www.f-secure.com). You can also find more info at http://vil.nai.com/vil/content/v_133901.htm
Please note that this is NOT the first time we have seen a trojan like this. I hope everybody remembers the Aids Info Disk/PC Cyborg Trojan in 1989, where the writer also asked for a ransom to decrypt ... It seems that everybody, especially the media, has forgotten this one ... I haven't, as this was the first real Trojan I got my hands on. I started to work with viruses after this incident. Have a look at my press page ... http://www.anti-malware.info/press.htm and go to 'Eddy on television' to view my first interview concerning this.