AOH :: ISN-2779.HTM

Crypto malware close to being 'uncrackable'

Crypto malware close to being 'uncrackable'
Crypto malware close to being 'uncrackable'

  This message is in MIME format.  The first part should be readable text,
  while the remaining parts are likely unreadable without MIME-aware tools.

Content-Type: TEXT/PLAIN; charset=UTF-8
Content-Transfer-Encoding: QUOTED-PRINTABLE 

By John E. Dunn
July 25, 2006

File-encrypting Trojans are becoming so complex that the security
companies could soon be powerless to reverse their effects, a new
report from Kaspersky Lab has said.

The report notes the rapid evolution of the public key encryption used
by one family of crypto malware, Gpcode, which went from using 56-bit
to 660-bit RSA in a matter of weeks.

Commonly termed "ransomware," Trojans that encrypt data files on a
user's PC before demanding a payment in return for supplying the key
to unlock the files, have come from nowhere in recent months to become
a measurable problem.

At the time of the of its discovery in June -- which used a
formidable 660-bit key -- Kaspersky described the process required to
decrypt such a key as equivalent to setting a 2.2 GHz PC to work for
thirty years.

In the event, the company managed to work out the key using a
technique it was unwilling to reveal.

"We were able to decrypt 330 and 660-bit keys within a reasonably
short space of time," said Aleks Gostev of Kaspersky Lab. "But a new
variant with a longer key could appear at any time. If RSA, or any
other similar algorithm which uses a public key, were to be used in a
new virus, anti-virus companies might find themselves powerless, even
if maximum computing power was applied to decrypting the key," he

Gotsev raised the alarming possibility that victims could at some
point in the near future have their files encrypted in such a way that
the security industry would not be able to issue a fix. If this comes
to pass -- and Kaspersky's claims that the day is not far off are
plausible -- it will mark an important moment for the whole software
security industry.

The obvious answer could be simply not to allow ransomware on to a PC
in the first place, an approach that Gotsev and other security
companies will be keen to stress.

The other defense will have to be more assiduous pursuit of the
distributors of such products, or novel technical solutions that
prohibit the low-level interference with a computer's files-system
necessary for encryption to happen in the first place.

"Unfortunately, the authors behind the Gpcode, Cryzip, and Krotten
ransomware are still free. However, even if they are arrested, there=C2=92s
nothing to prevent other malicious users from implementing such
techniques in order to make money."

Content-Type: text/plain; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
Content-Disposition: inline

Attend the Black Hat Briefings and
Training, Las Vegas July 29 - August 3
2,500+ international security experts from 40 nations,
10 tracks, no vendor pitches. 


Site design & layout copyright © 1986-2015 CodeGods