The $160 billion question?

The security-focused news-wires have been busy this past week reporting on the impact of ‘ransomware’. This is in response to the discovery of a new variant of Trojan.Gpcoder. This is a particularly nasty threat that uses public key cryptography to encrypt files on a person’s computer and subsequently requests payment from the user in order to recover the files. What was newsworthy about the new variant was that it was using a 1024-bit encryption key. In layman’s terms, this means that it is tough to crack the code to release the encrypted data.

The latest variant of the virus, first reported on June 4, appears not to have the implementation flaws of previous versions. While 1,024-bit keys are considered weak for high-security applications, the encryption is strong enough to foil reasonable attempts to brute-force the solution. In a blog on the Symantec Security Response site, Eoin Ward notes that by some estimates a machine that could break one 1024-bit RSA key in about a day would cost $160 billion when adjusted for today’s prices. Wow!

Ransomware has been about for quite a while. It is a nightmare scenario for many users. However, it is relatively uncommon, simply because it is hard to ‘cash out’. By that, I mean the ability of the bad guys to get money for it. They have to set up a payment mechanism to collect the ‘ransom’ and in doing so, they make themselves vulnerable to being detected. In those cases where people have paid up, the ‘ransom’ has tended to be pretty low, i.e. in the range of $50-$100. So, I don’t think there is any prospect of $160 billion being spent to solve this. So, what is to be done?

Well, what this incident brings to the fore is the need for regular backups. This will mean you have something to fall back on if you fall foul of this type of attack. Now, whilst the debate rages on about how to generate a key to decrypt this variant of Trojan.Gpcoder, definitions have been created and released to identify it. Therefore, ensure your AV definitions are up to date.

When Malware becomes Crimeware

Now, without wanting to start an official book club – there are enough in the world without me getting into the act – I have had the opportunity in the past few weeks to read a couple of security-focused books that I thought you may well be interested in and benefit from. They both focus on the evolution of ‘malware’ into ‘crimeware’. ‘Crimeware – understanding new attacks and defences’ is by Markus Jakobsson and Zulfikar Ramzan (www.informit.com/aw). It is very comprehensive in its scope and helps the expert, and not so expert, understand and prevent specific crimeware threats. What it does well is to explain how, from a technical standpoint, malware can be and is used for the purposes of crimeware. Zulfikar Ramzan is a colleague of mine here at Symantec and he has also roped in some other members of the team to help with some of the chapters.

‘Zero Day Threat’, by Byron Acohido and Jon Swartz (www.sterlingpublishing.com), provides a further insight into the developing world of crimeware. The authors are journalists with USA Today and they neatly manage to intertwine a narrative of a real-life ‘bust’ of an author of crimeware in Canada, whilst outlining the failures of banks and credit bureaus to keep people safe from crimeware. It provides a good and thought-provoking overview of what is happening and what potentially could happen, without descending into the realms of deep technical analysis.