Tuesday, June 10, 2008

Assistance needed for cracking GPCode.ak ...

Our office just issued the following press release after the recent problems with a new GPCode variant. See more at www.viruslist.com.

"Kaspersky Lab announces Stop Gpcode, an international initiative against the blackmailing virus Gpcode, which emerged last week.
The objective of the initiative is to factor (‘crack’) the RSA-1024 key used in Virus.Win32.Gpcode.ak – the latest version of the dangerous Gpcode blackmailer virus. The signature for Virus.Win32.Gpcode.ak was added to Kaspersky Lab antivirus databases on June 4, 2008.
Kaspersky Lab invites all cryptography experts, as well as governmental and research institutions, other antivirus vendors and independent researchers to join the efforts to solve this problem. The company is prepared to provide any additional information at its disposal and is open to dialog with all experts wishing to participate in the Stop Gpcode initiative.
To coordinate the activity of all participants of the initiative, a special Stop Gpcode forum has been created. "This is the first time in security history that such an initiative has appeared. Let us hope that this could become a good example of perfect international cooperation. However, we must not overestimate this possible solution: a backup in combination with optimal security and good malware protection is still the best solution for a lot of problems, also in the future," says Eddy Willems, Security Evangelist at Kaspersky Lab Benelux.
Gpcode.ak encrypts files with different extensions by using an RSA encryption algorithm with a 1024-bit key. After encrypting, the virus changes the extension of these files to ._CRYPT and places a text file named !_READ_ME_!.txt in the same folder. In the text file the criminal tells the victims that the file has been encrypted and offers to sell them a decryptor.
The author of Gpcode has taken two years to improve the virus: the previous errors have been fixed and the key has been lengthened to 1024 bits instead of 660. The task of ‘cracking’ the RSA-1024 key is an extremely complicated cryptographic problem. Eddy Willems confirms this: “To crack the key at least 15 million computers have to be running for one year.”"
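The two file-system indicators named in the press release (the ._CRYPT extension and the !_READ_ME_!.txt note in the same folder) can be checked for on a mounted disk or backup with a short triage script. This is an added example, not Kaspersky Lab code; the function names and the sample tree are constructed here, and it assumes that the file name of an encrypted file ends in ._CRYPT.

```python
import os
import tempfile

# Indicators as named in the press release above.
ENCRYPTED_SUFFIX = "._CRYPT"
RANSOM_NOTE = "!_READ_ME_!.txt"


def scan_for_gpcode_artifacts(root):
    """Return {folder: {"note": bool, "encrypted": [names], "verdict": str}}
    for every folder under `root` holding at least one indicator."""
    hits = {}
    for folder, _dirs, files in os.walk(root):
        # Windows file names are case-insensitive, so compare lower-cased.
        note = any(n.lower() == RANSOM_NOTE.lower() for n in files)
        encrypted = sorted(
            n for n in files if n.lower().endswith(ENCRYPTED_SUFFIX.lower())
        )
        if note or encrypted:
            # Both indicators together: strong match. One alone: manual review.
            verdict = "match" if note and encrypted else "review"
            hits[folder] = {"note": note, "encrypted": encrypted, "verdict": verdict}
    return hits


def build_sample_tree(root):
    """Constructed sample data: empty files that only imitate the naming."""
    layout = {
        "docs": ["report.doc._CRYPT", "budget.xls._crypt", RANSOM_NOTE],
        "photos": ["holiday.jpg"],
        "mail": ["inbox.pst._CRYPT"],
    }
    for sub, names in layout.items():
        os.makedirs(os.path.join(root, sub))
        for name in names:
            open(os.path.join(root, sub, name), "w").close()


def demo():
    """Scan the constructed tree; keys are folder base names."""
    with tempfile.TemporaryDirectory() as root:
        build_sample_tree(root)
        found = scan_for_gpcode_artifacts(root)
        return {os.path.basename(f): e for f, e in found.items()}


if __name__ == "__main__":
    for folder, entry in sorted(demo().items()):
        print(folder, entry["verdict"], entry["encrypted"])
```

Folders reported as "match" are the ones to restore from backup first; the file lists also show which original names were affected.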

Of course, it's clear that this is just an interesting initiative, and I really hope it could be realistic in the near future, but of course it's not as easy as it seems.
Nevertheless, such initiatives haven't been seen in the past, and I think it's time that vendors could work together in a better way than before, but is that not another, harder question? Could this be even more unrealistic? What do you think?