Sep 10, 2008
Over the past few months we have noticed a rash of fake antivirus software running around the internet. This stuff is typically called XP Antivirus 2008, 2009, etc.
Personally, I have cleaned around 15 systems of this infection. It is not easy, and it typically downloads other malware such as keyloggers, browser toolbars, etc.
The writers are putting out new variants of this malware every couple of weeks, so what we have here is a virus that the real antivirus companies are having trouble keeping up with.
You can read more about the new variant here.
Jun 10, 2008
Recently there has been some talk about a new “ransomware” that is out and infecting people. The virus is called Virus.Win32.Gpcode.ak; a little information can be found here. In short, once executed, this virus will search the user's hard drive for files to encrypt.
Once your files are encrypted, it places a text file in every directory that contains encrypted files. The text file reads:
Your files are encrypted with RSA-1024 algorithm.
To recovery your files you need to buy our decryptor.
To buy decrypting tool contact us at: [censored]@yahoo.com
=== BEGIN ===
[key]
=== END ===
At this time antivirus vendors are looking for a solution. Kaspersky Lab seems to be leading the effort here. If you are a code breaker you can go here for more info.
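Because the note is dropped in every directory that contains encrypted files, its text can be used to scope how far an infection reached. The following is an added example, not part of the original post and not a vendor tool: it walks a directory tree and lists each directory holding a small file that contains the phrases from the note quoted above. The 64 KB size limit and the single-byte decoding are assumptions, and the sample tree is constructed.

```python
import os
import tempfile

# Phrases taken from the ransom note quoted in the post.
NOTE_MARKERS = ("Your files are encrypted with RSA-1024 algorithm.",
                "=== BEGIN ===", "=== END ===")
MAX_NOTE_BYTES = 64 * 1024  # assumption: a ransom note is a small text file


def looks_like_note(path):
    """Return True if a small file contains every marker phrase from the note."""
    try:
        if os.path.getsize(path) > MAX_NOTE_BYTES:
            return False
        with open(path, "rb") as fh:
            text = fh.read().decode("latin-1")  # assumption: single-byte text
    except OSError:
        return False  # unreadable or vanished file: skip it and keep scanning
    return all(marker in text for marker in NOTE_MARKERS)


def find_affected_dirs(root):
    """Map each directory holding a note to the note file names found there."""
    affected = {}
    for dirpath, _dirs, files in os.walk(root):
        notes = sorted(f for f in files if looks_like_note(os.path.join(dirpath, f)))
        if notes:
            affected[dirpath] = notes
    return affected


def demo():
    """Build a constructed directory tree and scan it."""
    note = ("Your files are encrypted with RSA-1024 algorithm.\n"
            "=== BEGIN ===\n[key]\n=== END ===\n")
    with tempfile.TemporaryDirectory() as root:
        for sub, name, body in (("docs", "note.txt", note),
                                ("docs", "report.txt", "quarterly numbers"),
                                ("clean", "todo.txt", "=== BEGIN === only")):
            os.makedirs(os.path.join(root, sub), exist_ok=True)
            with open(os.path.join(root, sub, name), "w") as fh:
                fh.write(body)
        found = find_affected_dirs(root)
        return {os.path.relpath(d, root): n for d, n in found.items()}


if __name__ == "__main__":
    print(demo())
```

Run the scan from a clean boot environment or against a mounted disk image, so the result does not depend on the state of the infected system.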
Solutions to help (before this happens to you)
- Back up your data regularly
- Keep a fair amount of backups
- And whatever you do, do not store them on the PC that could become affected; keep them offline on CD/DVD or an external hard drive that you keep unplugged from your system
More information and references
http://isc.sans.org/diary.html?storyid=4544
http://blogs.zdnet.com/security/?p=1259
http://people.csail.mit.edu/tromer/gpcode/
http://usa.kaspersky.com/about-us/news-press-releases.php?smnr_id=900000131
http://www.viruslist.com/en/viruses/encyclopedia?virusid=313444