This implementation was lame, but imagine if the attackers actually implemented it correctly? The really hard thing is to get away with the money from the payments...but the cryptovirus concept could be extremely malicious. Without giving away the store, imagine an install time key gen with appropriate key management applied.

Of course, the attackers still have to get the application running on your machine, and to transfer the money out of the country to some place that doesn't have an extradition treaty with the US or EU...Iran or N. Korea for instance.

[ reply ]

Link to this comment: http://www.securityfocus.com/comments/newsbriefs/162/801#801