Security Alert [GPCODE.ak]
Kaspersky Lab found that a new variant of Gpcode, a dangerous encryptor virus, has appeared: Virus.Win32.Gpcode.ak. Gpcode.ak encrypts files with various extensions including, but not limited to, .doc, .txt, .pdf, .xls, .jpg, .png, .cpp, .h and more using an RSA encryption algorithm with a 1024-bit key.
Kaspersky Lab succeeded in thwarting previous variants of Gpcode when Kaspersky virus analysts were able to crack the private key after in-depth cryptographic analysis. Their researchers have to date been able to crack keys up to 660 bits. This was the result of a detailed analysis of the RSA algorithm implementation. It has been estimated that if the encryption algorithm is implemented correctly, it would take 1 PC with a 2.2 GHz processor around 30 years to crack a 660-bit key.
The author of Gpcode has taken two years to improve the virus: the previous errors have been fixed and the key has been lengthened to 1024 bits instead of 660.
At the time of writing, Kaspersky researchers are unable to decrypt files encrypted by Gpcode.ak since the key is 1024 bits long and they have not found any errors in implementation yet. Thus, at the time of writing, the only way to decrypt the encrypted files is to use the private key which only the author has.
After Gpcode.ak encrypts files on the victim machine it changes the extension of these files to ._CRYPT and places a text file named !_READ_ME_!.txt in the same folder. In the text file the criminal tells the victims that the file has been encrypted and offers to sell them a decryptor:
«Your files are encrypted with RSA-1024 algorithm.
To recovery your files you need to buy our decryptor.
To buy decrypting tool contact us at: ********@yahoo.com»
In addition, after GPcode encrypts files, it also displays the message shown below:
In this case, Kaspersky researchers recommend that victims try to contact us using another computer connected to the Internet. DO NOT RESTART or POWER DOWN the potentially infected machine.
Complete Information:
- Code:
http://www.viruslist.com/en/alerts?alertid=203996088
Re: Security Alert [GPCODE.ak]
thats good bro.
my pc had more and everywhere win32 virus. thanks that informations bro. keep like this
Re: Security Alert [GPCODE.ak]
kewl...
fantastic vinu bro
thanks for the information and its very helpful message
Re: Security Alert [GPCODE.ak]
very nice vinay bhai ... thnks for sharing with us ... guess kaspersky is solid really .. kool.. gotta download it
luv.inspecta- Legendary Member
Re: Security Alert [GPCODE.ak]
This malicious program encrypts files on the victim machine. It is a Windows PE EXE file 8030 bytes in size.
Other versions: .ac, .ad, .ae, .af, .ag, .ai, .f
Detection added | Jun 04 2008 14:39 GMT |
Description added | Jun 06 2008 |
Behavior | Virus |
Platform | Win32 |
Once launched, the virus creates the following mutex in memory in order to flag its presence in the system: _G_P_C_.
The virus then starts consecutively scanning all logical disks for files to encrypt. The virus encrypts all user files with the extensions listed below:
7z | abk | abd | acad |
arh | arj | ace | arx |
asm | bz | bz2 | bak |
bcb | c | cc | cdb |
cdw | cdr | cer | cgi |
chm | cnt | cpp | css |
csv | db | db1 | db2 |
db3 | db4 | dba | dbb |
dbc | dbd | dbe | dbf |
dbt | dbm | dbo | dbq |
dbt | dbx | Djvu | doc |
dok | dpr | dwg | dxf |
ebd | eml | eni | ert |
fax | flb | frm | frt |
frx | frg | gtd | gz |
gzip | gfa | gfr | gfd |
h | inc | igs | iges |
jar | jad | Java | jpg |
jpeg | Jfif | jpe | js |
jsp | hpp | htm | html |
key | kwm | Ldif | lst |
lsp | lzh | lzw | ldr |
man | mdb | mht | mmf |
mns | mnb | mnu | mo |
msb | msg | mxl | old |
p12 | pak | pas | |
pem | pfx | php | php3 |
php4 | pl | prf | pgp |
prx | pst | pw | pwa |
pwl | pwm | pm3 | pm4 |
pm5 | pm6 | rar | rmr |
rnd | rtf | Safe | sar |
sig | sql | tar | tbb |
tbk | tdf | tgz | tbb |
txt | uue | vb | vcf |
wab | xls | xml |
The virus uses Microsoft Enhanced Cryptographic Provider v1.0 (built into Windows) to encrypt files. Files are encrypted using the RC4 algorithm. The encryption key is then encrypted using an RSA public key 1024 bits in length which is in the body of the virus.
The RSA encryption algorithm divides encryption keys into public and private. Only the public key is needed to encrypt messages. An encrypted message can be decrypted only using the private key.
The virus creates an encrypted copy of each original file. The encrypted copy retains the original file name, with _CRYPT being added to the end of the file name. Example:
WaterLilles.jpg — original file
WaterLilles.jpg._CRYPT — encrypted file
The original file will then be deleted.
Then as vinay said!!! The virus drops a file called "!_READ_ME_!.txt" to every directory which contains encrypted files. The file contains the following text:
Your files are encrypted with RSA-1024 algorithm.
To recovery your files you need to buy our decryptor.
To buy decrypting tool contact us at: [censored]@yahoo.com
Note that files located in the Program Files directory will not be encrypted. Additionally, the virus will not encrypt the following files:
With "system" and "hidden" attributes;
Less than 10 bytes in size;
Larger than 734003200 bytes in size
Once the virus has delivered its payload, it creates a VBS file which deletes the main body of the virus from the victim machine, and causes the following MessageBox to be displayed (as vinay showed) :
The virus does not register itself in the system registry.
Guest- Guest
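Added example, not part of the original post or of Kaspersky's write-up: a Python triage helper that takes a file listing from an affected machine and applies the Gpcode.ak artifacts described above (the ._CRYPT suffix, the !_READ_ME_!.txt note, and the Program Files and size exemptions). The listing format, function names and sample paths are assumptions made for illustration; the "system"/"hidden" attribute exemption is not checked because a plain listing carries no attributes.

```python
from collections import defaultdict
from pathlib import PureWindowsPath

# Values taken from the description above; compared case-insensitively.
CRYPT_SUFFIX = "._crypt"        # "._CRYPT" is appended to the original name
NOTE_NAME = "!_read_me_!.txt"   # "!_READ_ME_!.txt" dropped next to encrypted files
MIN_SIZE = 10                   # smaller files are not encrypted
MAX_SIZE = 734003200            # larger files are not encrypted

# Constructed sample listing of (path, size in bytes); not real incident data.
SAMPLE_LISTING = [
    (r"C:\Users\alice\Pictures\WaterLilles.jpg._CRYPT", 83794),
    (r"C:\Users\alice\Pictures\!_READ_ME_!.txt", 160),
    (r"C:\Users\alice\Pictures\tiny.txt", 4),
    (r"C:\Users\alice\Docs\report.doc._CRYPT", 20480),
    (r"C:\Users\alice\Docs\report.doc", 20480),
    (r"C:\Users\alice\Docs\!_READ_ME_!.txt", 160),
    (r"C:\Program Files\App\manual.pdf", 120000),
    (r"D:\Share\budget.xls._CRYPT", 9000),
]


def exempt_reason(path, size):
    """Return the documented reason a file is left alone, or None if in scope."""
    parts = [part.lower() for part in PureWindowsPath(path).parts]
    if "program files" in parts:
        return "under Program Files"
    if size < MIN_SIZE:
        return "smaller than 10 bytes"
    if size > MAX_SIZE:
        return "larger than 734003200 bytes"
    return None


def triage(listing):
    """Group the listing by directory and classify every entry."""
    by_dir = defaultdict(dict)
    for path, size in listing:
        p = PureWindowsPath(path)
        by_dir[str(p.parent)][p.name.lower()] = (p.name, size, path)

    reports = {}
    for directory, entries in by_dir.items():
        report = {"note": NOTE_NAME in entries, "encrypted": [],
                  "survivors": [], "exempt": [], "untouched": []}
        paired = set()
        for lower, (name, _size, _path) in entries.items():
            if lower.endswith(CRYPT_SUFFIX):
                original = name[:-len(CRYPT_SUFFIX)]
                report["encrypted"].append(original)
                if original.lower() in entries:
                    # The plaintext is still on disk: deletion did not complete.
                    report["survivors"].append(entries[original.lower()][0])
                    paired.add(original.lower())
        for lower, (name, size, path) in entries.items():
            if lower == NOTE_NAME or lower.endswith(CRYPT_SUFFIX) or lower in paired:
                continue
            reason = exempt_reason(path, size)
            if reason:
                report["exempt"].append((name, reason))
            else:
                report["untouched"].append(name)
        reports[directory] = report
    return reports


def findings(reports):
    """Return (directory, observation) pairs that deserve a closer look."""
    out = []
    for directory, r in sorted(reports.items()):
        if r["encrypted"] and not r["note"]:
            out.append((directory, "encrypted files without ransom note"))
        if r["note"] and not r["encrypted"]:
            out.append((directory, "ransom note without encrypted files"))
        if r["survivors"]:
            out.append((directory, "original still present beside encrypted copy"))
    return out


if __name__ == "__main__":
    for directory, observation in findings(triage(SAMPLE_LISTING)):
        print(f"{directory}: {observation}")
```

A directory where the original still sits beside its ._CRYPT copy is worth imaging first, since the plaintext has not been deleted there.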
Re: Security Alert [GPCODE.ak]
Current removal technique that Kaspersky provides is:
If you think your computer has been infected, contact us at stopgpcode@kaspersky.com. Tell us the exact date and time of infection, as well as everything you did on the computer in the 5 minutes before the machine was infected:
- which programs you ran,
- which websites you have visited, etc.
Guest- Guest
Re: Security Alert [GPCODE.ak]
Virus.Win32.Gpcode.ac
The program was widely distributed throughout the Russian segment of the Internet using spammer technologies. So watch out when you search for cracks and keygens on websites, as most of the crack and keygen websites are hosted in Russia (Russia doesn't have a copyright law).
Once launched, the virus encrypts files saved on the victim machine which have the following extensions:
arh
arj
c
cdr
cgi
chm
cnt
cpp
css
csv
db
db1
db2
dbf
dbt
dbx
doc
flb
frm
frt
frx
gtd
gz
gzip
h
htm
html
key
kwm
lst
man
mdb
mmf
mo
old
p12
pak
pem
pfx
pgp
pl
prf
prx
pst
pwa
pwl
pwm
rar
rmr
rnd
rtf
safe
sar
sig
tar
tbb
txt
xls
xml
zip
The virus partly uses the RSA algorithm to encrypt files.
Once encrypted, files cannot be used. The author of the program then demands money to decrypt the encrypted files. A file called 'readme.txt' appears in folders where encrypted files are located. The file contains the following text (although the email and the encryption key may differ):
Some files are coded by RSA method.
To buy decoder mail: *****sh34@rambler.ru
with subject: RSA 5 ********728578411
When contacted by the user, the author of the program will demand payment for decrypting the encrypted files.
Users are reminded that they should be extremely cautious when faced with attachments to suspicious messages. Additionally, users should not contact the authors of malicious programs, nor pay them money, as this will simply act as motivation to write new variants.
Guest- Guest
Re: Security Alert [GPCODE.ak]
Virus.Win32.Gpcode.ad
This malicious program encrypts files on the victim machine. It is a Windows PE EXE file 61 440 bytes in size, packed using UPX. The unpacked file is approximately 135KB in size.
Once launched, the virus encrypts files with the following extensions:
3ds
3dx
acd
ace
ai
arc
arh
arj
c
cdr
cgi
chm
cnt
cpp
css
csv
db
db1
db2
dbf
dbt
dbx
dic
doc
dsc
dwg
dxf
eps
fax
fla
flb
frm
frt
frx
gtd
gz
gzip
h
ha
htm
html
jar
key
kwm
lst
lzh
ma
man
mar
mdb
mmf
mo
old
p12
pak
pdf
pem
pfx
pgp
pl
ppt
prf
prx
ps
pst
pwa
pwl
pwm
rar
rle
rmr
rnd
rtf
safe
sar
sig
sln
swf
tar
tbb
tex
tga
txt
xcr
xls
xml
zip
zoo
The virus partially uses the RSA 67 bit algorithm to encrypt files.
Files encrypted by the virus cannot be used. The malicious user will then demand money for decrypting the files.
The virus creates a file called ‘readme.txt’ in folders which contain encrypted files. 'Readme.txt' contains the following message:
Some files are coded by RSA method.
To buy decoder mail: w*****44@mail.ru
with subject: RSA 5 ********507363108091
The email address used may differ from variant to variant.
If the user makes contact via the email address in the message, s/he will be asked to pay a certain sum in return for the encrypted files being decrypted.
Kaspersky Lab reminds Internet users to be extremely cautious with potentially suspicious messages from unknown users and with files from unknown sources.
In addition to this, no money should be paid, as this will motivate the authors of this malicious program to create new variants.
Once the virus has encrypted files, it creates a file called TMP.BAT. This file contains code which will delete the source code of the malicious program.
Guest- Guest
Re: Security Alert [GPCODE.ak]
Virus.Win32.Gpcode.ae
This malicious program encrypts files on the victim machine. The virus itself is a Windows PE EXE file approximately 62KB in size, packed using UPX. The unpacked file is approximately 134KB in size.
This program was spammed throughout the Russian Internet.
Once launched, the virus will encrypt files which it finds on the victim machine which have the following extensions:
12m
3ds
3dx
4ge
4gl
a
a86
abc
acd
ace
act
ada
adi
aex
af3
afd
ag4
ai
aif
aifc
aiff
ain
aio
ais
akf
alv
amp
ans
ap
apa
apo
app
arc
arh
arj
arx
asc
ask
bb
bcp
bdb
bh
bib
bsa
btr
bup
bwb
bz
c
c86
cac
cat
cbl
cc
cdb
cdr
cgi
cmd
cnt
cob
col
cpp
cpt
crp
cru
csc
css
csv
ctx
cvs
cwb
cwk
cxe
cyp
d
db
db0
db1
db2
db3
db4
dba
dbb
dbc
dbd
dbe
dbf
dbk
dbm
dbo
dbq
dbt
dbx
dic
dif
dm
dmd
doc
dok
dox
dsc
dwg
dxf
dxr
eps
exp
f
fas
fax
fdb
fla
flb
fm
fox
frm
frt
frx
fsl
gtd
gz
gzip
h
ha
hh
hjt
hog
htm
html
htx
ice
icf
ihtml
ish
jar
jsp
key
kwm
lst
lwp
lzh
lzs
lzw
ma
mak
man
maq
mar
mbx
mdb
mdf
mmf
mo
myd
old
p12
pak
pdf
pem
pfx
pgp
pl
pm3
pm4
pm5
pm6
ppt
prf
prx
ps
pst
pw
pwa
pwl
pwm
pwp
pxl
rar
rle
rmr
rnd
rtf
safe
sar
sig
sln
swf
tar
tbb
tex
tga
txt
vp
xcr
xls
xml
zip
zoo
The virus partly uses the RSA 260-bit encryption algorithm to encrypt files.
Once encrypted, files cannot be used. The author of the program then demands money to decrypt the encrypted files.
A file called 'readme.txt' is created in folders where encrypted files are located. The file contains the following text:
Some files are coded by RSA method.
To buy decoder mail: k6**89@mail.ru
with subject: REPLY
The email address shown may differ from modification to modification of this virus.
If contacted by the user, the author of the program will demand payment for decrypting the encrypted files.
Users are reminded that they should be extremely cautious when faced with attachments to suspicious messages. Additionally, users should not contact the authors of malicious programs, nor pay them money, as this will simply act as motivation to write new variants.
Once the virus has completed its encryption routine, it creates a file named TMP.BAT. This file contains code which will delete the source code of the malicious program from the victim machine.
Guest- Guest
Re: Security Alert [GPCODE.ak]
Virus.Win32.Gpcode.af
This malicious program encrypts files on the victim machine. It is a Windows PE EXE file 64512 bytes in size, packed using UPX. The unpacked file is approximately 147KB in size.
This malicious program was distributed throughout the Russian Internet using spammer technologies.
Once launched, the virus encrypts files with the following extensions:
12m
3ds
3dx
4ge
4gl
a
a86
abc
acd
ace
act
ada
adi
aex
af3
afd
ag4
ai
aif
aifc
aiff
ain
aio
ais
akf
alv
amp
ans
ap
apa
apo
app
arc
arh
arj
arx
asc
ask
bb
bcp
bdb
bh
bib
bsa
btr
bup
bwb
bz
c
c86
cac
cat
cbl
cc
cdb
cdr
cgi
cmd
cnt
cob
col
cpp
cpt
crp
cru
csc
css
csv
ctx
cvs
cwb
cwk
cxe
cyp
d
db
db0
db1
db2
db3
db4
dba
dbb
dbc
dbd
dbe
dbf
dbk
dbm
dbo
dbq
dbt
dbx
dic
dif
dm
dmd
doc
dok
dox
dsc
dwg
dxf
dxr
eps
exp
f
fas
fax
fdb
fla
flb
fm
fox
frm
frt
frx
fsl
gtd
gz
gzip
h
ha
hh
hjt
hog
htm
html
htx
ice
icf
ihtml
ish
jar
jsp
key
kwm
lst
lwp
lzh
lzs
lzw
ma
mak
man
maq
mar
mbx
mdb
mdf
mmf
mo
myd
old
p12
pak
pdf
pem
pfx
pgp
pl
pm3
pm4
pm5
pm6
ppt
prf
prx
ps
pst
pw
pwa
pwl
pwm
pwp
pxl
rar
rle
rmr
rnd
rtf
safe
sar
sig
sln
swf
tar
tbb
tex
tga
txt
vp
xcr
xls
xml
zip
zoo
The virus partially uses the RSA 330 bit algorithm to encrypt files.
Files encrypted by the virus cannot be used. The malicious user will then demand money for decrypting the files.
The virus creates a file called ‘readme.txt’ in folders which contain encrypted files. 'Readme.txt' contains the following message:
Some files are coded by RSA method.
To buy decoder mail: k6**89@mail.ru
with subject: REPLY
The email address used may differ from variant to variant.
If the user makes contact via the email address in the message, s/he will be asked to pay a certain sum in return for the encrypted files being decrypted.
Kaspersky Lab reminds Internet users to be extremely cautious with potentially suspicious messages from unknown users and with files from unknown sources.
In addition to this, no money should be paid, as this will motivate the authors of this malicious program to create new variants.
Once the virus has encrypted files, it creates a file called TMP.BAT. This file contains code which will delete the source code of the malicious program.
Guest- Guest
Re: Security Alert [GPCODE.ak]
Virus.Win32.Gpcode.ag
This malicious program encrypts files on the victim machine. It is a Windows PE EXE file 64 512 bytes in size, packed using UPX. The unpacked file is approximately 147KB in size.
This malicious program was distributed throughout the Russian Internet using spammer technologies.
Once launched, the virus encrypts files with the following extensions:
12m
3ds
3dx
4ge
4gl
a
a86
abc
acd
ace
act
ada
adi
aex
af3
afd
ag4
ai
aif
aifc
aiff
ain
aio
ais
akf
alv
amp
ans
ap
apa
apo
app
arc
arh
arj
arx
asc
ask
bb
bcp
bdb
bh
bib
bsa
btr
bup
bwb
bz
c
c86
cac
cat
cbl
cc
cdb
cdr
cgi
cmd
cnt
cob
col
cpp
cpt
crp
cru
csc
css
csv
ctx
cvs
cwb
cwk
cxe
cyp
d
db
db0
db1
db2
db3
db4
dba
dbb
dbc
dbd
dbe
dbf
dbk
dbm
dbo
dbq
dbt
dbx
dic
dif
dm
dmd
doc
dok
dox
dsc
dwg
dxf
dxr
eps
exp
f
fas
fax
fdb
fla
flb
fm
fox
frm
frt
frx
fsl
gtd
gz
gzip
h
ha
hh
hjt
hog
htm
html
htx
ice
icf
ihtml
ish
jar
jsp
key
kwm
lst
lwp
lzh
lzs
lzw
ma
mak
man
maq
mar
mbx
mdb
mdf
mmf
mo
myd
old
p12
pak
pdf
pem
pfx
pgp
pl
pm3
pm4
pm5
pm6
ppt
prf
prx
ps
pst
pw
pwa
pwl
pwm
pwp
pxl
rar
rle
rmr
rnd
rtf
safe
sar
sig
sln
swf
tar
tbb
tex
tga
txt
vp
xcr
xls
xml
zip
The virus partially uses the RSA 660 bit algorithm to encrypt files.
Files encrypted by the virus cannot be used. The malicious user will then demand money for decrypting the files.
The virus creates a file called ‘readme.txt’ in folders which contain encrypted files. 'Readme.txt' contains the following message:
Some files are coded by RSA method.
To buy decoder mail: dfk***26@mail.ru
with subject: REPLY
The email address may differ from variant to variant.
If the user makes contact via the email address in the message, s/he will be asked to pay a certain sum in return for the encrypted files being decrypted.
Kaspersky Lab reminds Internet users to be extremely cautious with potentially suspicious messages from unknown users and with files from unknown sources.
In addition to this, no money should be paid, as this will motivate the authors of this malicious program to create new variants.
Once the virus has encrypted files, it creates a file called TMP.BAT. This file contains code which will delete the source code of the malicious program.
Guest- Guest
Re: Security Alert [GPCODE.ak]
Virus.Win32.Gpcode.ai
This malicious program encrypts files on the victim machine. It is a Windows PE EXE file. It is packed using UPX. The unpacked file is 58,368 bytes in size.
The executable files of known variants of this virus are called "ntos.exe".
Once launched, the virus creates a unique encryption key, and saves it to the system registry:
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion]
"WinCode" = ""
The malicious program also adds itself to the system registry:
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
"UserInit" = "%System%\userinit.exe, %System%\ntos.exe"
This key value will be periodically checked by system processes that have had malicious code injected into them (e.g. "Winlogon.exe"). If the key value is changed (i.e. if "%System%\ntos.exe" is deleted), then it will be automatically restored from the system process.
"%System%\ntos.exe" is protected from modification, renaming, and copying.
If the current system date is between 10th and 15th July 2007, the virus will encrypt all user files with the following extensions:
.12m
.3ds
.3dx
.4ge
.4gl
.7z
.a
.a86
.abc
.acd
.ace
.act
.ada
.adi
.aex
.af3
.afd
.ag4
.ai
.aif
.aifc
.aiff
.ain
.aio
.ais
.akf
.alv
.amp
.ans
.ap
.apa
.apo
.app
.arc
.arh
.arj
.arx
.asc
.asm
.ask
.au
.bak
.bas
.bb
.bcb
.bcp
.bdb
.bh
.bib
.bpr
.bsa
.btr
.bup
.bwb
.bz
.bz2
.c
.c86
.cac
.cbl
.cc
.cdb
.cdr
.cgi
.cmd
.cnt
.cob
.col
.cpp
.cpt
.crp
.cru
.csc
.css
.csv
.ctx
.cvs
.cwb
.cwk
.cxe
.cxx
.cyp
.d
.db
.db0
.db1
.db2
.db3
.db4
.dba
.dbb
.dbc
.dbd
.dbe
.dbf
.dbk
.dbm
.dbo
.dbq
.dbt
.dbx
.dfm
.djvu
.dic
.dif
.dm
.dmd
.doc
.dok
.dot
.dox
.dsc
.dwg
.dxf
.dxr
.eps
.exp
.f
.fas
.fax
.fdb
.fla
.flb
.frm
.fm
.fox
.frm
.frt
.frx
.fsl
.gtd
.gif
.gz
.gzip
.h
.ha
.hh
.hjt
.hog
.hpp
.htm
.html
.htx
.ice
.icf
.inc
.ish
.iso
.jar
.jad
.java
.jpg
.jpeg
.js
.jsp
.key
.kwm
.lst
.lwp
.lzh
.lzs
.lzw
.ma
.mak
.man
.maq
.mar
.mbx
.mdb
.mdf
.mid
.mo
.myd
.obj
.old
.p12
.pak
.pas
.pdf
.pem
.pfx
.php
.php3
.php4
.pgp
.pkr
.pl
.pm3
.pm4
.pm5
.pm6
.png
.ppt
.pps
.prf
.prx
.ps
.psd
.pst
.pw
.pwa
.pwl
.pwm
.pwp
.pxl
.py
.rar
.res
.rle
.rmr
.rnd
.rtf
.safe
.sar
.skr
.sln
.swf
.sql
.tar
.tbb
.tex
.tga
.tgz
.tif
.tiff
.txt
.vb
.vp
.wps
.xcr
.xls
.xml
.zip
The virus drops a file called "read_me.txt" to every directory which contains encrypted files. The file contains the following text:
Hello, your files are encrypted with RSA-4096 algorithm (http://en.wikipedia.org/wiki/RSA).
You will need at least few years to decrypt these files without our software. All your private information for last 3 months were collected and sent to us.
To decrypt your files you need to buy our software. The price is $300.
To buy our software please contact us at: xxxxx@xxxx.com and provide us your personal code -XXXXX. After successful purchase we will send your decrypting tool, and your private information will be deleted from our system.
If you will not contact us in 3 months your private information will be shared and you will lost all your data.
The virus also creates a hidden folder called "wsnpoem" in the Windows system directory, which contains two empty files: "video.dll" and "audio.dll".
REMOVAL INSTRUCTIONS ( only for Virus.Win32.Gpcode.ai)
If your computer does not have an up-to-date antivirus, or does not have an antivirus solution at all, follow the instructions below to delete the malicious program:
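Added example, not part of the original post and not Kaspersky's removal procedure: a Python check that parses a text export of the two registry keys named above and reports any Userinit entry other than userinit.exe in the system directory, plus the presence of a "WinCode" value. The export contents, the default system directory, the placeholder WinCode data and the function names are assumptions made for illustration.

```python
import re
from pathlib import PureWindowsPath

# Keys named in the description above (matched case-insensitively).
CURRENT_VERSION = r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion"
WINLOGON = CURRENT_VERSION + r"\Winlogon"

# "Name"="string value" lines of a .reg text export (REG_SZ values only).
_STRING_VALUE = re.compile(r'^"((?:[^"\\]|\\.)*)"="((?:[^"\\]|\\.)*)"$')

# Constructed exports in .reg text format (already decoded to str).
INFECTED_EXPORT = r"""Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion]
"WinCode"="CONSTRUCTED-PLACEHOLDER"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Userinit"="C:\\WINDOWS\\system32\\userinit.exe,C:\\WINDOWS\\system32\\ntos.exe"
"""

CLEAN_EXPORT = r"""Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Userinit"="C:\\Windows\\system32\\userinit.exe,"
"""


def parse_reg_export(text):
    """Return {key path (lowercase): {value name (lowercase): string data}}."""
    keys, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("[") and line.endswith("]"):
            current = keys.setdefault(line[1:-1].lower(), {})
            continue
        match = _STRING_VALUE.match(line)
        if match and current is not None:
            # Undo the export's escaping: \\ becomes \ and \" becomes ".
            name, data = (re.sub(r"\\(.)", r"\1", g) for g in match.groups())
            current[name.lower()] = data
    return keys


def audit(text, system_dir=r"C:\Windows\system32"):
    """Return (value name, suspicious data) pairs found in the export."""
    keys = parse_reg_export(text)
    expected = PureWindowsPath(system_dir) / "userinit.exe"
    found = []
    userinit = keys.get(WINLOGON.lower(), {}).get("userinit", "")
    for entry in (part.strip() for part in userinit.split(",")):
        if not entry:
            continue  # an empty part comes from a trailing comma in the value
        # PureWindowsPath comparison is case-insensitive, like the file system.
        if PureWindowsPath(entry) != expected:
            found.append(("Userinit", entry))
    current_version = keys.get(CURRENT_VERSION.lower(), {})
    if "wincode" in current_version:
        found.append(("WinCode", current_version["wincode"]))
    return found


if __name__ == "__main__":
    for name, data in audit(INFECTED_EXPORT):
        print(f"{name}: {data}")
```

Because the post states that injected system processes restore the value when it is changed, an extra Userinit entry that reappears after being removed is consistent with that behaviour.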
Hello, your files are encrypted with RSA-4096 algorithm (http://en.wikipedia.org/wiki/RSA).
You will need at least few years to decrypt these files without our software. All your private information for last 3 months were collected and sent to us.
To decrypt your files you need to buy our software. The price is $300.
To buy our software please contact us at: xxxxx@xxxx.com and provide us your personal code -XXXXX. After successful purchase we will send your decrypting tool, and your private information will be deleted from our system.
If you will not contact us in 3 months your private information will be shared and you will lost all your data.
Glamorous team
The virus also creates a hidden folder called "wsnpoem" in the Windows system directory, which contains two empty files: "video.dll" and "audio.dll".
REMOVAL INSTRUCTIONS (only for Virus.Win32.Gpcode.ai)
If your computer does not have an up-to-date antivirus, or does not have an antivirus solution at all, follow the instructions below to delete the malicious program:
- If the malicious program has encrypted files on your machine, you can use Kaspersky Lab's free utility to decrypt them. Instructions and the utility itself can be found on the KL technical support site. Make sure you read the instructions carefully. Entering the wrong key could cause files to be irrevocably damaged.
- Modify the system registry key value by adding any symbol to the end of the name of the malicious module. Example:
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
"UserInit" = "%System%\userinit.exe, %System%\ntos.exe_"
- Reboot the computer.
- Manually delete the files listed below from the Windows system directory: ntos.exe
Guest- Guest
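A way to check the Winlogon "UserInit" value from the removal steps above for entries other than the stock userinit.exe, as an added Python example that is not part of the original post. The function names, the assumed system directory C:\Windows\system32 and the stock sample value are assumptions; the other two sample values are the ones quoted in the post.

```python
import ntpath
import re

# Sample values: the first two are quoted in the post, where %System% is its
# shorthand for the Windows system directory; STOCK is a constructed sample.
INFECTED = r"%System%\userinit.exe, %System%\ntos.exe"
AFTER_WORKAROUND = r"%System%\userinit.exe, %System%\ntos.exe_"
STOCK = r"C:\Windows\system32\userinit.exe,"

def audit_userinit(value, system_dir=r"C:\Windows\system32"):
    """Return every entry of a Userinit value that is not the stock userinit.exe."""
    expected = ntpath.normcase(ntpath.join(system_dir, "userinit.exe"))
    unexpected = []
    for raw in value.split(","):
        entry = raw.strip().strip('"')
        if not entry:                       # the stock value ends with a trailing comma
            continue
        # Expand the post's %System% placeholder; the lambda keeps the
        # backslashes in system_dir from being read as regex escapes.
        path = re.sub(r"%system%", lambda _: system_dir, entry, flags=re.IGNORECASE)
        if ntpath.normcase(ntpath.normpath(path)) != expected:
            unexpected.append(entry)
    return unexpected

def read_live_userinit():
    """Read the live value on Windows; returns None on other platforms."""
    try:
        import winreg
    except ImportError:
        return None
    key = winreg.OpenKey(winreg.HKEY_LOCAL_MACHINE,
                         r"SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon")
    try:
        return winreg.QueryValueEx(key, "Userinit")[0]
    finally:
        winreg.CloseKey(key)

if __name__ == "__main__":
    for label, value in (("stock", STOCK), ("infected", INFECTED),
                         ("after workaround", AFTER_WORKAROUND)):
        print(label, "->", audit_userinit(value) or "clean")
```

The renamed entry left by the workaround is still reported, so the value should be restored to userinit.exe alone once ntos.exe has been deleted.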
Re: Security Alert [GPCODE.ak]
ohhh god dats a huge list .... am worrried for my laptop now ...
is norton gud enough to detect all this crappy virus ?!
luv.inspecta- Legendary Member
Number of posts : 1642
Age : 38
Location : saudi arabia
mig33 username : luv.inspecta
Registration date : 2008-05-19
Re: Security Alert [GPCODE.ak]
Virus.Win32.Gpcode.f
This file virus is a Windows PE EXE file, packed using UPX. The packed file is approximately 56KB in size, and the unpacked file is approximately 122KB in size. Once launched, the virus will encrypt files with the following extensions on the victim machine:
arj cdr cgi css csv db dbf dbt dbx doc flb frm frt frx gtd gz htm html kwm mdb mmf pak pl pst pwa pwl pwm rar rmr rtf sar tar tbb txt xls xml zip
The original virus file will be deleted after launch. The following text can be seen at the beginning of encrypted files:
PGPcoder
A file named readme.txt will appear in folders which contain encrypted files. The contents of readme.txt are as follows:
Some files are coded. To buy decoder mail: md56@mail.ru with subject: PGPcoder md56
The text may give a different email address or decrypter version, depending on the version of Virus.Win32.GPCode. If the user contacts the email address listed in readme.txt, they will receive an answer asking for a specific sum of money in return for decrypting files.
Last edited by abid861 on Sat Jun 07, 2008 7:31 am; edited 2 times in total
Guest- Guest
Re: Security Alert [GPCODE.ak]
*.. i added extended info to vinay's info so that forum users may know about the history and variants of the virus.win32.gpcode
Guest- Guest
Re: Security Alert [GPCODE.ak]
@ luv.inspecta ... bro for anti-virus(es) it is not a easy task to decrypt files... just like vinay said... that even kaspersky team is not able to decrypt the 1024 bit encryption completely YET!...
lemme give u the encryption n decryptional info...! of RSA 1024 bit
RSA involves a public key and a private key. The public key can be known to everyone and is used for encrypting messages. Messages encrypted with the public key can only be decrypted using the private key. The keys for the RSA algorithm are generated the following way:
1. Choose two distinct large random prime numbers p and q
2. Compute
   - is used as the modulus for both the public and private keys
3. Compute the totient: .
4. Choose an integer e such that , and and share no factors other than 1 (i.e. e and are coprime)
   - e is released as the public key exponent
5. Compute d to satisfy the congruence relation ; i.e. for some integer k.
   - d is kept as the private key exponent
Notes on the above steps:
- Step 1: Numbers can be probabilistically tested for primality.
- Step 3: changed in PKCS#1 v2.0 to , where lcm is the least common multiple, instead of .
- Step 4: A popular choice for the public exponents is = 2^16 + 1 = 65537. Some applications choose smaller values such as = 3, 5, 17 or 257 instead. This is done to make encryption and signature verification faster on small devices like smart cards but small public exponents can lead to greater security risks.
- Steps 4 and 5 can be performed with the extended Euclidean algorithm; see modular arithmetic.
The public key consists of the modulus and the public (or encryption) exponent .
The private key consists of the modulus and the private (or decryption) exponent which must be kept secret.
- For efficiency a different form of the private key can be stored:
- and : the primes from the key generation,
- and ,
- .
- All parts of the private key must be kept secret in this form. and are sensitive since they are the factors of , and allow computation of given . If and are not stored in this form of the private key then they are securely deleted along with other intermediate values from key generation.
- Although this form allows faster decryption and signing by using the Chinese Remainder Theorem, it is considerably less secure since it enables side-channel attacks. This is a particular problem if implemented on smart cards, which benefit most from the improved efficiency. (Start with y = x^e mod n and let the card decrypt that. So it computes y^d (mod p) or y^d (mod q) whose results give some value z. Now, induce an error in one of the computations. Then gcd(z − x, n) will reveal p or q.)
Encryption
*Alice transmits her public key to *Bob and keeps the private key secret. Bob then wishes to send message M to Alice.
He first turns M into a number < by using an agreed-upon reversible protocol known as a padding scheme. He then computes the ciphertext corresponding to:
This can be done quickly using the method of exponentiation by squaring. Bob then transmits to Alice.
Decryption
Alice can recover from by using her private key exponent by the following computation:
Given , she can recover the original message M.
The above decryption procedure works because first
.
Now, , and hence
and
which can also be written as
and
for proper values of and . If is not a multiple of then and are coprime because is prime; so by Fermat's little theorem
and therefore, using the first expression for ,
.
If instead is a multiple of , then
.
Using the second expression for , we similarly conclude that
.
Since and are distinct prime numbers, they are relatively prime to each other, so the fact that both primes divide m^(ed) − m implies their product divides m^(ed) − m, which means
.
Thus,
.
*names as an example
Guest- Guest
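The key generation, encryption, decryption and CRT fault case from the post above, as an added Python example that is not part of the original thread. The primes 61 and 53, exponent 17 and message 65 are constructed toy values, the function names are assumptions, and the re-encryption check in `decrypt_crt` is an added countermeasure that the post does not mention.

```python
from math import gcd

# Constructed toy parameters; far too small for real use.
P, Q, E, MESSAGE = 61, 53, 17, 65

def keygen(p, q, e):
    """Key generation steps from the post, plus the CRT form of the private key."""
    n = p * q
    phi = (p - 1) * (q - 1)                  # totient of n
    if gcd(e, phi) != 1:
        raise ValueError("e must be coprime to the totient")
    d = pow(e, -1, phi)                      # modular inverse of e (Python 3.8+)
    return {"n": n, "e": e, "d": d, "p": p, "q": q,
            "dp": d % (p - 1), "dq": d % (q - 1), "qinv": pow(q, -1, p)}

def encrypt(m, key):
    return pow(m, key["e"], key["n"])        # pow() uses fast modular exponentiation

def decrypt(c, key):
    return pow(c, key["d"], key["n"])

def decrypt_crt(c, key, fault=False, verify=False):
    """CRT decryption. fault=True simulates one wrong half-computation;
    verify=True re-encrypts the result and refuses to release a bad one."""
    mp = pow(c, key["dp"], key["p"])
    mq = pow(c, key["dq"], key["q"])
    if fault:
        mp = (mp + 1) % key["p"]             # simulated error in the mod-p half
    h = (key["qinv"] * (mp - mq)) % key["p"]
    m = mq + h * key["q"]
    if verify and pow(m, key["e"], key["n"]) != c:
        raise ArithmeticError("CRT result failed the re-encryption check")
    return m

def factor_from_faulty_output(x, z, n):
    """gcd(z - x, n) from the post: non-trivial when exactly one half was wrong."""
    return gcd(z - x, n)

if __name__ == "__main__":
    key = keygen(P, Q, E)
    c = encrypt(MESSAGE, key)
    print("n, d, ciphertext:", key["n"], key["d"], c)
    print("plain and CRT decryption agree:", decrypt(c, key) == decrypt_crt(c, key))
    z = decrypt_crt(c, key, fault=True)
    print("faulty output leaks factor:", factor_from_faulty_output(MESSAGE, z, key["n"]))
    try:
        decrypt_crt(c, key, fault=True, verify=True)
    except ArithmeticError as err:
        print("with verification:", err)
```

With verification enabled the faulty result is never returned, so the gcd computation has nothing to work on.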
Re: Security Alert [GPCODE.ak]
oh god that was complicated abid bro ... u r software engineer not me .... am simple media man
but ye if there are more updates or precautions den do leme knw please
thnks alot for ur great contibution 1
luv.inspecta- Legendary Member
Re: Security Alert [GPCODE.ak]
v.complicated ...!
yA! em gna b here luv! ... to provide news & updates regarding gpcode.ak variant to all respected member
Guest- Guest
Re: Security Alert [GPCODE.ak]
why kaspersky is trying to dyscrypt a file ????
3072encryption is being used and and it has been recommended to use higher why because of security issues
its only a presumption that if n = 2048 or larger the key will be broken
but computer world work on no presumption i think a person with powerful computer can break to 1024 bits. hackers has better knowledge that officials.
dude 256 are broken in few hours
now a days rsa are rarely used in bank and finincial trangiction
Elliptic Curve Cryptography ecc,is used widely in all security things
ECC requires much smaller keys than RSA to provide the
equivalent security; also, ECC is extremely computationally efficient
providing savings in terms of time, memory, bandwidth, and energy
consumption.
finally 256 bit eec key is equavelent to 3072 bit rsa key
now see the scene is rsa secure
good topic
Re: Security Alert [GPCODE.ak]
ya! gYm...! here some more explaination for users to understand.. if someone can understand this complex thingy :P hehehe!
Benefits:
1. Compared to RSA : smaller key size for an equivalent amount of security.
Guest- Guest
Re: Security Alert [GPCODE.ak]
well abid that is even more comlicatd now ... hehehe
sorry am complanin again n again ... but atleast sumthngs is gettin in my head reather then havin nuthing in it about this virus stuff ....
thx alot for xplanin it more ... keep it up !
luv.inspecta- Legendary Member
Re: Security Alert [GPCODE.ak]
ya!... encrytion-decrpytion sure is very complex thingy...! lolzzZ ... well why not to create a new thread if v gotta discuss on RSA vs ECC :P ...
Guest- Guest
Re: Security Alert [GPCODE.ak]
inspecta i will try to make it clear
encrypy means to code a thing encryption is coding related
in a very layman term in my hotmail address is encrypted i dyscrypt with a password
dyscrypt means opening a closed file (laymans defination)
now what u have to understand here dude
any security system banking financing national security and online business vendors encrypt there data
there are two keys for is one is for the users and one is there
to break that security u have to dyscrypt things which are enycrypted
encryption power is measured in bits
more stronger the bit is more banthwidth and powerful computer is required to illegally break the security which is coded in bits
if suppose u are a bank owner so u will encrypt ur datas and savings in rsa or ecc
suppose i am a hacker i want to hack u and u encrypted at 256 bits
this is the minimum bandwith i will require to break ur security system
an for that i nee a powerful computer
and now look at below graph it compare ecc with rsa
both are encrypting method
the lower line in horiontal axis shows ecc look at that graph
the vertical line shows the keysize(power of encryption0
and see carefully
ecc method achives the same power of encryption at nearly 500 bits which rsa acheives at around 6000 bits
so less resources and bandwith is needed in ecc to aguire the same security status which is obtained by rsa at high bandwith
read that first then say thank ilove inspector cos i will ask u question to confirm u understood or not