Welcome to PChuck's Network News.

Tuesday, June 06, 2006

Happy Devil's Day

Today is 6/6/6, and we have a new devil noted.

Taking a cue from some earlier bad guys, the virus of the week, GpCode.af, will encrypt the contents of your hard drive, then leave you a message telling you whom to contact. When you send email to the address given, you will supposedly be provided with payment instructions.

This threat appears rather alarming.

  • One expert, Harry Waldron, notes that
    ...at the moment, we're still not 100% sure how this virus penetrates victim computers.
  • This devil is using very high-level encryption: one version uses 330-bit RSA. To put this in terms that those of you who have seen the WEP cracking video will understand, I don't think you'll be recovering your computer, if infected by GPCode, quite as quickly as the demo shows a WEP AP being cracked.
  • F-Secure Virus Descriptions : Gpcode calls this
    ...a type of criminal activity that has not been seen for a long time.

Kaspersky Labs has very specific instructions for you, should you find yourself infected.

Kaspersky Lab strongly recommends that anyone who has had files encrypted should contact the Virus Lab. Under no circumstances should users give in to blackmail, as this will encourage the authors of this program to create new versions.

We certainly don't want this behaviour to spread. What if the bad guys discover that it's easier to simply scramble your data, then ask for money? What do you do when the "password" that they deliver to you, in response to your "payment", doesn't work? Do you think you'll get your money back?

Interesting spam out too. SANS Diary Spam - spam - spam reports
Some of our readers report receiving messages appearing to originate from themselves, with only numbers as subject and body.

The number in the body, according to several DSL Reports members, appears to be

SANS Diary Spam - spam - spam further notes that

Some guesses as to what the cause of the spam might be have been received by now and I'd like to point out a few:

  • Today's date is the number of the beast, it might attract some old style hackers.
  • There is a possible link to Bagle seeding as it was done in the past and we might need to expect a new variant of it soon.

It's now 18:00 here in California. Most parts of the world are already into 6/7. Devil's Day is almost over.

I don't think its effects will end very soon though.
