Tuesday, 29 September 2009

Microsoft AntiVirus Tool

I blogged about the initial beta release of the free antivirus by Microsoft back in June. Now Microsoft are providing the full version of the antivirus, which can be found here.
I haven't tried and tested it. With the release of a free AV, Microsoft has joined other vendors like Avira and Avast. We should look at this initiative by Microsoft from the security point of view as a significant step, and I would suggest that Microsoft install it by default on all PCs sold with a Microsoft OS. This is because there are an awful lot of users who are not bothered to install antivirus and fall prey to malware/botnets infecting their communities. Microsoft, being a major player in the OS market, will definitely help many more users install antivirus (especially in the developing economies of China, Brazil, India and Russia).
Hope this will have a positive effect on the computer security community.

Saturday, 26 September 2009

File Encryptor (Ransomware)

GPCode is a piece of ransomware. Unlike other viruses, this malware encrypts all files with DOC, TXT, PDF, XLS, JPG, PNG, CPP and H extensions using the standard RSA algorithm with a 1024-bit key.

As this malware uses a 1024-bit key, it's difficult for reverse engineers to crack this encryption (not impossible though :-) ). Gpcode uses public-key cryptography: the malware encrypts all the files with a public key, and they can only be decrypted with the private key, which is held by the malware author.
According to the above security analysis, the malware changes the file extension to '._CRYPT' after encryption and deletes the original file. After encrypting all the files, the malware displays the message shown in the above picture. The scammers have provided an email ID and demand that the user contact them to decrypt the files.
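
A triage helper for the behaviour described above, added here as an example and not taken from this post or the analysis it refers to: it walks a directory tree, lists the files carrying the '._CRYPT' extension, groups them by original file type, and flags originals that were not deleted. It assumes the marker is appended to the original file name (for example `report.doc._CRYPT`); the function names and the sample tree are constructed for illustration.

```python
import os
import tempfile
from collections import Counter

CRYPT_SUFFIX = "._CRYPT"   # marker extension named in the post
TARGETED = {".doc", ".txt", ".pdf", ".xls", ".jpg", ".png", ".cpp", ".h"}  # types from the post


def triage(root):
    """Walk root and summarise files carrying the ._CRYPT marker."""
    report = {"encrypted": [], "by_type": Counter(),
              "original_still_present": [], "untouched_targets": []}
    for dirpath, _dirs, files in os.walk(root):
        names = set(files)
        for name in sorted(files):
            path = os.path.join(dirpath, name)
            if name.upper().endswith(CRYPT_SUFFIX):
                original = name[:-len(CRYPT_SUFFIX)]  # assumption: suffix is appended
                report["encrypted"].append(path)
                report["by_type"][os.path.splitext(original)[1].lower()] += 1
                # The post says the original is deleted, so a surviving copy
                # suggests an interrupted run or an already restored file.
                if original in names:
                    report["original_still_present"].append(os.path.join(dirpath, original))
            elif (os.path.splitext(name)[1].lower() in TARGETED
                  and name + CRYPT_SUFFIX not in names):
                report["untouched_targets"].append(path)  # targeted type, no encrypted sibling
    return report


def build_sample_tree(root):
    """Create a constructed directory tree of empty files for the demo."""
    sample = ["docs/report.doc._CRYPT", "docs/notes.txt._CRYPT", "docs/notes.txt",
              "pics/photo.jpg._CRYPT", "src/main.cpp", "src/readme.md"]
    for rel in sample:
        path = os.path.join(root, *rel.split("/"))
        os.makedirs(os.path.dirname(path), exist_ok=True)
        open(path, "w").close()


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        result = triage(tmp)
        print("encrypted files:", len(result["encrypted"]))
        print("by original type:", dict(result["by_type"]))
        print("originals still on disk:", result["original_still_present"])
        print("targeted types not yet encrypted:", result["untouched_targets"])
```

Run against a copy or a read-only mount of the affected volume; the helper only reads directory listings and never opens or modifies the files it reports.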

So users, be careful not to click links in unsolicited messages and on dodgy websites. Have a great weekend.