Kaspersky Lab, a developer of secure content management systems, announces the launch of the Stop Gpcode international initiative.
The objective of the initiative is to factor (‘crack’) the RSA-1024 key used in Virus.Win32.Gpcode.ak – the latest version of the dangerous Gpcode blackmailer virus.
The signature for Virus.Win32.Gpcode.ak was added to Kaspersky Lab antivirus databases on June 4, 2008.
Different versions of the Gpcode virus encrypt user files of different types (.doc, .txt, .pdf, .xls, .jpg, .png, .cpp, .h etc.) using a strong RSA encryption algorithm with different key lengths. After encrypting files on a computer, the virus automatically generates a message informing the user that the files have been encrypted and demanding payment for a decryption utility.
Kaspersky Lab succeeded in thwarting previous variants of Gpcode when Kaspersky virus analysts were able to crack the private key after in-depth cryptographic analysis. Kaspersky Lab virus researchers have to date been able to crack keys up to 660 bits.
However, the new version of the virus, Virus.Win32.Gpcode.ak, uses a 1024-bit key. The task of ‘cracking’ the RSA-1024 key is an extremely complicated cryptographic problem.
Kaspersky Lab invites all cryptography experts, as well as governmental and research institutions, other antivirus vendors and independent researchers to join the efforts to solve this problem. The company is prepared to provide any additional information at its disposal and is open to dialog with all experts wishing to participate in the Stop Gpcode initiative. The company has sufficient information about the virus to enable experts to begin working on factoring the RSA key.