SecurityFocus, 2008-06-13
Antivirus firm Kaspersky Lab called on Internet users last week to help crack the encryption used by the latest variant of a malicious program that scrambles victims' files and then demands payment for the decryption key.
The program, dubbed Gpcode by the Russian antivirus firm, appears to be a Trojan horse that is spread through e-mail and USENET newsgroup postings. While previous versions have had flawed encryption implementations, the latest version -- Gpcode.ak -- appears to have eliminated the flaws that allowed reverse engineers to find earlier keys. While the malicious program has not compromised many systems yet -- Kaspersky Lab has reports of "hundreds" -- the company has made finding the 1,024-bit key a priority.
"So we're calling on you -- cryptographers, governmental and scientific institutions, antivirus companies, (and) independent researchers -- join with us to stop Gpcode," the company stated last Friday on its forum. "This is a unique project -- uniting brainpower and resources out of ethical, rather than theoretical or malicious considerations."
Gpcode first appeared in December 2004, according to Kaspersky, but the amateurish programming allowed antivirus firms to help victims decrypt their scrambled files. In June 2006, the steady improvements in Gpcode ceased and until last week, no new variants were seen, Kaspersky Lab stated.
The latest variant of the virus, first reported on June 4, appears not to have the implementation flaws of previous versions. While 1,024-bit keys are considered weak for high-security applications, the encryption is strong enough to foil any reasonable attempt to brute-force the key, said Bruce Schneier, chief technology officer for managed-security service provider BT Counterpane and an encryption expert.
"It's just not a reasonable task to ask the Internet to do," Schneier said.
Some experts criticized the company for creating a community effort around a problem that, even if solved this time around, likely will not help in the long run. Vesselin Bontchev, a well-known computer antivirus researcher, criticized the project as "wildly optimistic" and little more than a public-relations stunt.
"The task is really hard," Bontchev said in an e-mail interview. "Grid computing would solve (the problem in) much less time, but 'much less' than half an eternity is still quite a lot."
The company's factoring project highlights that the relative ease with which antivirus companies have dealt with ransomware is at an end. Using larger keys that change frequently costs the extortionist very little, while making the defenders' job mathematically impossible.
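To put numbers on that asymmetry, here is an added illustration (not code from the article or from Kaspersky Lab) using the textbook heuristic running time of the General Number Field Sieve, the best known classical factoring algorithm, to compare how much harder factoring becomes as the modulus grows from 512 through 1,024 to 2,048 bits; the constant (64/9)^(1/3) is the standard asymptotic, so the output is an order-of-magnitude comparison, not a runtime prediction.

```python
import math

# Added illustration, not code from the article or from Kaspersky Lab.
# Heuristic cost of the General Number Field Sieve (GNFS) for an RSA modulus n:
#     L_n[1/3, c] = exp(c * (ln n)^(1/3) * (ln ln n)^(2/3)),  c = (64/9)^(1/3)
# The constant is the textbook asymptotic; results are order-of-magnitude
# comparisons between key sizes, not predictions of wall-clock time.

GNFS_C = (64 / 9) ** (1 / 3)


def ln_gnfs_work(bits: int) -> float:
    """Natural log of the GNFS work factor for a `bits`-bit modulus.
    Returned as a logarithm so that 2048-bit values do not overflow a float."""
    ln_n = bits * math.log(2)            # ln(n) for an n-bit modulus
    return GNFS_C * ln_n ** (1 / 3) * math.log(ln_n) ** (2 / 3)


def relative_cost(bits: int, baseline_bits: int) -> float:
    """How many times harder factoring a `bits`-bit modulus is than a
    `baseline_bits`-bit one, under the GNFS heuristic."""
    return math.exp(ln_gnfs_work(bits) - ln_gnfs_work(baseline_bits))


def scale_effort(known_bits: int, known_effort: float, target_bits: int) -> float:
    """Extrapolate a real factoring effort (in whatever unit `known_effort`
    uses, e.g. core-years) from a modulus size that has already been factored
    to a larger one, using the GNFS growth ratio."""
    return known_effort * relative_cost(target_bits, known_bits)


if __name__ == "__main__":
    # The extortionist's side of the asymmetry: generating a longer key is
    # cheap, so doubling the key length costs almost nothing, while the
    # defender's factoring bill grows by the ratios printed here.
    for target in (768, 1024, 2048):
        print(f"{target}-bit vs 512-bit: ~{relative_cost(target, 512):.2e}x harder")
    # Constructed placeholder effort (1.0 unit) for a 512-bit modulus; plug in
    # a published figure for a real extrapolation.
    print(f"1024-bit effort ~ {scale_effort(512, 1.0, 1024):.2e} units")
```

Under this heuristic a 1,024-bit modulus is several million times harder to factor than a 512-bit one, and a 2,048-bit modulus roughly a billion times harder again, which is why the defenders quoted here see no way forward except an implementation flaw.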
The company clarified, however, that it's more interested in getting help in finding flaws in the encryption implementation.
"We are not trying to crack the key," Roel Schouwenberg, senior antivirus researcher with Kaspersky Lab, told SecurityFocus. "We want to see collectively whether there are implementation errors, so we can do what we did with previous versions and find a mistake to help us find the key."
Schouwenberg agrees that, if no implementation flaw is found, searching for the decryption key using brute-force computing power is unlikely to work.