"What's in a Name?" wrote in
<news:484d77aa$0$3349$4c368faf@roadrunner.com>:
> Has everyone heard about this one?
>
> From ZDNet
> "Virus analysts at Kaspersky Lab have intercepted a new variant of
> Gpcode, a malicious virus that encrypts important files on an infected
> desktop and demands payment for a key to recover the data."
>
> http://blogs.zdnet.com/security/?p=1251&tag=nl.e539
>
> max
NOTE: FollowUp-To ignored. Reply posted to original list of newsgroups.

From a cursory scan of the article and the ones to which it links, and
from the dearth of information provided there, the pest infiltrates a
system and then encrypts files to hold them ransom until the user pays
to get a utility to decrypt them. The pest itself is not encrypted (as
something would have to be unencrypted to decrypt it to run that executable,
but then that other program is the pest). So the pest itself would
still be detectable even if morphed (since polymorphism for a large
number of variants will vaporize when the program gets loaded into
memory). So the anti-malware products could still alert on the pest
based on signature and definitely on heuristics if loaded (by watching
which apps use the crypto API).

Maybe this threat will make some users realize that they really should
be doing regular backups.

