J-Security Center

Virus.Win32.GpCode.ae


01 Jun 2006 20:14:00 +0400

Kaspersky Lab has detected a new variant of a cyberblackmail virus - Virus.Win32.GpCode.ae. It is currently spreading on the Russian Internet. It encrypts user files; the author then demands money for decrypting the files.

The encryption program can be detected using the current antivirus databases. It will be detected as Virus.Win32.GpCode.ad, the previous variant of this program. This means users do not need to update their antivirus databases in order to check whether or not their machines are infected by this latest variant.

This latest variant differs from the previous one in that it uses a more secure encryption algorithm - RSA 260 bit rather than RSA 67 bit.
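To show why key size matters here, the following added example (not Kaspersky's decryption routine and not code from the malware) builds a constructed 67-bit textbook-RSA key and recovers its private exponent from the public key alone. The primes, the exponent and the sample block are assumptions chosen for the demonstration.

```python
import math

def is_prime(n: int) -> bool:
    # Trial division is enough for the ~34-bit demo primes built below.
    return n > 1 and all(n % d for d in range(2, math.isqrt(n) + 1))

def next_prime(n: int) -> int:
    while not is_prime(n):
        n += 1
    return n

def build_demo_key():
    """Constructed 67-bit RSA public key (n, e); not the malware's key."""
    p, q = next_prime(2**33), next_prime(3 * 2**32)
    phi = (p - 1) * (q - 1)
    e = 65537
    while math.gcd(e, phi) != 1:  # make sure e is invertible mod phi
        e += 2
    return p * q, e

def pollard_rho(n: int) -> int:
    """Return a non-trivial factor of an odd composite n (Floyd cycle finding)."""
    c = 1
    while True:
        x = y = 2
        d = 1
        while d == 1:
            x = (x * x + c) % n
            y = (y * y + c) % n
            y = (y * y + c) % n
            d = math.gcd(abs(x - y), n)
        if d != n:
            return d
        c += 1  # cycle closed without a factor: retry with another polynomial

def recover_private_exponent(n: int, e: int) -> int:
    """Derive d from the public key alone by factoring n."""
    p = pollard_rho(n)
    q = n // p
    return pow(e, -1, (p - 1) * (q - 1))

if __name__ == "__main__":
    n, e = build_demo_key()
    d = recover_private_exponent(n, e)
    block = int.from_bytes(b"demo", "big")  # constructed plaintext block
    assert pow(pow(block, e, n), d, n) == block
    print(f"{n.bit_length()}-bit modulus factored; private exponent recovered")
```
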

A decryption routine has now been added to Kaspersky Anti-Virus, and has been released with the most recent antivirus database updates. This latest update will decrypt encrypted files automatically.

The virus creates a text file on the victim machine which contains the following text:

Some files are coded by RSA method.
To buy decoder mail: k47674@mail.ru
with subject: REPLY

Kaspersky Lab strongly recommends that anyone who has had files encrypted should contact the Virus Lab. Under no circumstances should users give in to blackmail, as this will encourage the authors of this program to create new versions.

If your files have been encrypted, please send them to the Virus Lab at newvirus@kaspersky.com.