06.01.06 16:14 GMT
Status: informational
The encryption program can be detected using the current antivirus databases. It will be detected as Virus.Win32.GpCode.ad, the previous variant of this program. This means users do not need to update their antivirus databases in order to check whether or not their machines are infected by this latest variant.
This latest variant differs from the previous one in that it uses a more secure encryption algorithm: 260-bit RSA rather than 67-bit RSA.
A decryption routine has now been added to Kaspersky Anti-Virus, and has been released with the most recent antivirus database updates. This latest update will decrypt encrypted files automatically.
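To show why a 67-bit RSA modulus offers no real protection, the following added example (not Kaspersky Lab code, and not a description of how its decryption routine works) factors a constructed 67-bit modulus with Pollard's rho and rebuilds the private exponent from the public values alone. The primes, the exponent 65537 and the sample plaintext are all assumptions made for the demonstration; none of them come from GpCode.

```python
import math

def is_prime(n):
    # Trial division is enough for the ~34-bit primes used here.
    return n > 1 and all(n % d for d in range(2, math.isqrt(n) + 1))

def next_prime(n):
    while not is_prime(n):
        n += 1
    return n

def pollard_rho(n):
    """Return a non-trivial factor of composite n (Floyd cycle finding)."""
    for c in range(1, 20):
        x, y, d = 2, 2, 1
        while d == 1:
            x = (x * x + c) % n          # tortoise: one step
            y = (y * y + c) % n          # hare: two steps
            y = (y * y + c) % n
            d = math.gcd(abs(x - y), n)
        if d != n:                       # d == n means this c failed; try the next
            return d
    raise ValueError("no factor found")

def recover_private_exponent(n, e):
    """Factor the public modulus and rebuild the private exponent d."""
    p = pollard_rho(n)
    q = n // p
    return pow(e, -1, (p - 1) * (q - 1))

def demo():
    # Constructed key pair, NOT the GpCode key: primes near 2**33 and 1.5 * 2**33.
    p, q, e = next_prime(2**33), next_prime(3 * 2**32), 65537
    while math.gcd(e, (p - 1) * (q - 1)) != 1:
        e += 2                           # keep e invertible modulo phi(n)
    n = p * q
    m = int.from_bytes(b"file key", "big")   # constructed 64-bit plaintext
    c = pow(m, e, n)                          # encrypted with the public key
    d = recover_private_exponent(n, e)        # uses only the public values n and e
    return n.bit_length(), pow(c, d, n) == m

if __name__ == "__main__":
    print(demo())
```

Pollard's rho needs a number of steps on the order of the square root of the smaller prime factor, so this script does not scale to a 260-bit modulus; sieve-based factoring methods are used at that size.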
The virus creates a text file on the victim machine which contains the following text:
Kaspersky Lab strongly recommends that anyone who has had files encrypted should contact the Virus Lab. Under no circumstances should users give in to blackmail, as this will encourage the authors of this program to create new versions.
If your files have been encrypted, please send them to the Virus Lab at newvirus@kaspersky.com.