If you read Vitaly's blogpost yesterday, you'll know that on the 4th June 2008 we detected a new variant of Gpcode, a dangerous file encryptor. Details of the encryption algorithms used by the virus are all in Vitaly's post and the description of Gpcode.ak.
Along with antivirus companies around the world, we're faced with the task of cracking the RSA 1024-bit key. This is a huge cryptographic challenge. We estimate it would take around 15 million modern computers, running for about a year, to crack such a key.
Of course, we don't have that type of computing power at our disposal. This is a case where we need to work together and apply all our collective knowledge and resources to the problem.
So we're calling on you: crytographers, governmental and scientific institutions, antivirus companies, independent researchers…join with us to stop Gpcode. This is a unique project – uniting brain-power and resources out of ethical, rather than theoretical or malicious considerations.
Here are the public keys used by the authors of Gpcode.
The first is used for encryption in Windows XP and higher.
The second is used for encryption in versions of Windows prior to XP.
The RSA exponent for both keys is 0x10001 (65537).
The information above is sufficient to start factoring the key. A specially created utility could be of great help in factoring.
We're happy to provide additional information to anyone involved in stopping Gpcode. To keep everyone up to date, we've set up a dedicated forum.