On 12 Jun 2008, at 03:05, James Muir wrote:
Just curious -- where were you able to download the virus from?
www.offensivecomputing.net
Just be careful. Do not run it. It does not spread itself, but it
will encrypt all the sensitive files on all the drives and then self-
destruct. If you w
Marcos el Ruptor wrote:
I've just looked at the virus.
Just curious -- where were you able to download the virus from?
-James
- Original Message -
From: "Jerry Leichter" <[EMAIL PROTECTED]>
To: "Dave Korn" <[EMAIL PROTECTED]>
Cc: "Email List - Cryptography"
Sent: Wednesday, June 11, 2008 12:04:21 PM (GMT-0800) America/Los_Angeles
Subject: RE: Ransomware
| Why are
On 11 Jun 2008, at 20:13, Dave Howe wrote:
This would seem to imply they already verified the public key was
constant in the trojan and didn't differ between machines (or that
I'm giving Kaspersky's team too much credit with my assumptions).
I've just looked at the virus. Upon invocation, it
Leichter, Jerry wrote on 11 June 2008 20:04:
>> Why are we wasting time even considering trying to break the public
>> key?
>>
>> If this thing generates only a single "session" key (rather, a host
>> key) per machine, then why is it not trivial to break? The actual
>> encryption algorithm
| Why are we wasting time even considering trying to break the public key?
|
| If this thing generates only a single "session" key (rather, a host key)
| per machine, then why is it not trivial to break? The actual encryption
| algorithm used is RC4, so if they're using a constant key without
Dave Howe wrote on 11 June 2008 19:13:
> The Fungi wrote:
>> On Tue, Jun 10, 2008 at 11:41:56PM +0100, Dave Howe wrote:
>>> The key size would imply PKI; that being true, then the ransom may
>>> be for a session key (specific per machine) rather than the
>>> master key it is unwrapped with.
>>
The Fungi wrote:
On Tue, Jun 10, 2008 at 11:41:56PM +0100, Dave Howe wrote:
The key size would imply PKI; that being true, then the ransom may
be for a session key (specific per machine) rather than the
master key it is unwrapped with.
Per the computerworld.com article:
"Kaspersky has th
On Wed, Jun 11, 2008 at 11:53:54AM -0400, Leichter, Jerry wrote:
> Returning to the point of the earlier question - why doesn't someone
> pay the ransom once and then use the key to decrypt everyone's files:
> Assuming, as seems reasonable, that there is a "session" key created
> per machine and th
| > The key size would imply PKI; that being true, then the ransom may
| > be for a session key (specific per machine) rather than the master
| > key it is unwrapped with.
|
| Per the computerworld.com article:
|
|"Kaspersky has the public key in hand -- it is included in the
|Trojan's cod
Allen <[EMAIL PROTECTED]> wrote:
> Agreed, but..., well there is the small matter of figuring out /who/ is
> doing it and that just might require some small bit of technology.
Certainly, it is not mutually exclusive. However, factoring an RSA key
can hardly help with that.
> At least two defects in thi
On Tue, Jun 10, 2008 at 11:41:56PM +0100, Dave Howe wrote:
> The key size would imply PKI; that being true, then the ransom may
> be for a session key (specific per machine) rather than the
> master key it is unwrapped with.
Per the computerworld.com article:
"Kaspersky has the public key in
Jim Youll wrote:
If there's just one key, then Kaspersky could get maximum press by
paying the ransom and publishing it. If there are many keys, then Kaspersky
still has reached its press-coverage quota, just not as dramatically.
The key size would imply PKI; that being true, then the ransom ma
On Mon, 9 Jun 2008, Leichter, Jerry wrote:
> Even worse, targeted malware could attack your backups. If it
> encrypted the data on the way to the backup device, it could survive
> silently for months, by which time encrypting the live data and
> demanding the ransom would be a very credible threa
Leichter, Jerry <[EMAIL PROTECTED]> wrote:
> Computerworld reports:
>
> http://www.computerworld.com/action/article.do?command=viewArticleBasic&articleId=9094818
>
> on a call from Kaspersky Labs for help breaking encryption used by some
> ransomware: Code that infects a system, uses a public key
"Leichter, Jerry" <[EMAIL PROTECTED]> writes:
>Speculation about this kind of attack has made the rounds for years. It
>appears the speculations have now become reality.
It's not speculation, encryption virii have been around for at least ten
years, although the encryption used was pretty crude a
John Ioannidis wrote:
This is no different than suffering a disk crash. That's what backups
are for.
At Jim Gray's tribute on the 31st, Bruce Lindsay gave a talk about Jim's
formalization of transaction processing enabled online transactions ... i.e.
needed trust in the integrity of integrit
On Mon, 9 Jun 2008, John Ioannidis wrote:
| Date: Mon, 09 Jun 2008 15:08:03 -0400
| From: John Ioannidis <[EMAIL PROTECTED]>
| To: "Leichter, Jerry" <[EMAIL PROTECTED]>
| Cc: cryptography@metzdowd.com
| Subject: Re: Ransomware
|
| Leichter, Jerry wrote:
| &
On Jun 9, 2008, at 11:54 AM, Leichter, Jerry wrote:
Computerworld reports:
http://www.computerworld.com/action/article.do?command=viewArticleBasic&articleId=9094818
[...]
Apparently earlier versions of this ransomware were broken because of a
faulty implementation of the encryption.
Leichter, Jerry wrote:
Computerworld reports:
http://www.computerworld.com/action/article.do?command=viewArticleBasic&articleId=9094818
This is no different than suffering a disk crash. That's what backups
are for.
/ji
PS: Oh, backups you say.
then tells you you have to go to some
web site and pay for the decryption key.
Apparently earlier versions of this ransomware were broken because of a
faulty implementation of the encryption. This one seems to get it
right. It uses a 1024-bit RSA key. Vesselin Bontchev, a long-time
antivirus devel
21 matches