The approach itself is not new: a report by Kaspersky Lab on malware evolution at Viruslist.com suggests the first case of virus blackmail dates back to 1989. Trojans such as GpCode and Krotten have existed for some time, and the latter has already seen more than two dozen variants with constantly changing encryption algorithms. Users have been blackmailed for various amounts, often ranging from $10 to more than $2,000. Anti-virus firm Sophos has written that a new virus reportedly threatens to delete one file every 30 minutes until a $10.99 ransom demand is paid.
What appears to be new in 2006 is the increasingly sophisticated encryption methods used by these viruses. GpCode is reportedly now using the strong and well-respected RSA encryption algorithm - albeit with a key of only 56 bits in its latest variant.
SecurityFocus will be publishing an Infocus technical article on "malicious cryptography" early next week to take a closer look at this approach.
Posted by: Kelly Martin