51 Comments
- zweben, on 10/12/2007, -0/+27 This makes them more money than a 'real' job.
- flameboy, on 10/12/2007, -0/+18 Question: Can't we just track them through their bank accounts?
- Beanlover, on 10/12/2007, -0/+14 Good backups defeat this EVERYTIME.
(runs off to check backups)
- niczar, on 10/12/2007, -0/+13 It's not the virus that's encrypted, it's the victim's DATA. And she has to pay the author to get the key to decrypt it back.
- violentvinyl, on 10/12/2007, -0/+10 "They're talking about the antivirus software having trouble decrypting the binaries of the viruses to properly detect them. Did you RTFA?"
You should probably read it again before you accuse others of not reading the article.
- Charlotte_Web, on 10/12/2007, -2/+12 Actually, it has worked against terrorists; we've frozen hundreds of millions of dollars in terrorists' bank accounts. While defeating terrorism is a lot more complex than simply freezing bank accounts, that's hundreds of millions of dollars that aren't being spent on terrorist activities.
- violentvinyl, on 10/12/2007, -0/+9 Tracking isn't the problem, extradition is.
- nTensify, on 10/12/2007, -0/+8 "I believe this is called a zero day attack."
A zero-day attack is a virus that hits before the vulnerability used in the attack has been identified. The virus appears on the "zeroth" day of discovery. That being said, any virus that sits idly on its hands and waits is putting itself at risk of being discovered by the computer user and removed with extreme prejudice, so it makes much more sense for the virus to attack as soon as possible.
- ScrewedThePooch, on 10/12/2007, -0/+8 These types of people should be shot. Why is it so hard for people to get real jobs?
- sundancekid503, on 10/12/2007, -1/+8 --SDSfmmdmm4398fj9wsv98j28fn87erv97qbvf71yq8bx vtr8swv9s8vcvin...............239er8jw98jc02r10====-03r928jf
sfdgsdfg.s.///345t/3tg/gf341r][;'.c.2#$%1-------
This comment has been hijacked and encrypted - Send me $200 if you wish to read it
- NSResponder, on 10/12/2007, -3/+10 Terrorists have countries that support and hide them. Spammers aren't nearly so well-connected.
-jcr
- nartfocker, on 10/12/2007, -0/+6 They're not talking about decrypting (or detecting) the binaries - they're talking about recovery of encrypted data. Which makes the whole article rather pointless - of course anti-virus software won't be able to decrypt arbitrary encrypted data - if it ever could, we'd have big problems.
BTW, the full article that the linked article waters down is here: http://www.viruslist.com/en/analysis?pubid=191951869#gpcode
- catoutfit, on 10/12/2007, -2/+7 PayPal froze my account once..
- violentvinyl, on 10/12/2007, -0/+5 "Which makes the whole article rather pointless - of course anti-virus software won't be able to decrypt arbitrary encrypted data - if it ever could, we'd have big problems."
Excellent point. I think it represents a shift in the way the AV industry should be focusing. Decryption shouldn't be their concern, preventing the spread of this virus should be.
- dudemcgee, on 10/12/2007, -1/+6 @sembetu
That wouldn't really matter. These programs encrypt your documents, so if they are delayed, then your backups still have plaintext versions of your documents. You might have backed up the virus, but that doesn't mean when you restore from a backup you'll restore the virus. For example, I really only care about my email and my home folder, so I back those up. If the virus encrypts them later I still have access to the backed up unencrypted files, even if I did back the virus up.
Now here's one alternative. Have the virus start by encrypting a few files every 2 weeks. Preferably deep inside directories. That way there's a chance that some important files were caught on the backups and the user threw the old backups away.
- mzwaterski, on 10/12/2007, -0/+4 If the author never turns over the key, he can only extract ransom from one person (or a few people in a short period). Otherwise, the next guy in line simply says: "I'm not going to give you money because you won't give me the key anyway." If you have a reputation of taking the money and turning over the key, people will be more willing to pay. Of course, it creates that pesky problem of having to know the key as was stated above...
- DocNo, on 10/12/2007, -1/+5 @nTensify
If you aren't already backing up your data, you've got bigger problems than potential malware that might encrypt your data :p
- nTensify, on 10/12/2007, -1/+5 "Terrorists have countries that support and hide them. Spammers aren't nearly so well-connected."
Do they need to be? And who said anything about spammers? These guys are kidnappers; they want your money by you directly giving it to them, not by sending out spam.
Besides, it's still way easier to simply turn the money into cash and disappear with it, especially if you use less traceable methods of cash transfers (Cayman Islands? Gift cards? Cash?). Simply make them mail you the money to some address in a country that doesn't have extradition laws with the country in question (whatever that country may be). Make it a "Mail Boxes Etc." type location in that country, use someone off the street to pick up the money from the box (if anyone sends it) and you're virtually invisible.
People writing this software are much more clever than we give them credit for, much like the terrorists, and I don't think the tactic will work on either of them.
- clf99, on 10/12/2007, -0/+3 Is anonymous electronic money actually a reality? Like CyberCash or whatever?
How else could they get away with this without getting spanked?
- rideaurocks, on 10/12/2007, -0/+3 "Even if they don't know the keys, if I were head of a security service of a country then I would have no prohibition whatsoever on torturing the hell out of a person that jeopardises key tech fields and the economy."
Now say "nuclear wessels".
- violentvinyl, on 10/12/2007, -0/+2 That's a good idea, I was trying to think of how you could make sure everyone's key was different, but could still be discovered by the originator of the virus in exchange for the ransom. Digg++
HOWEVER, if both symmetric keys are generated locally, then that's a weak point, and it's exploitable, and fixable by an AV company, or a knowledgeable IT guy (given enough time).
We really should be charging SOMEONE for this.
- nartfocker, on 10/12/2007, -0/+2 The "ransomware" could generate a unique suitably large symmetric key on each infected machine, encrypt data with it, then encrypt the symmetric key with the culprit's suitably large public key. Only the culprit could provide the service of decrypting the symmetric key.
- usbserial, on 10/12/2007, -0/+2 No encryption is unbreakable... it's just a matter of processing power and time.
660-bit encryption would probably take quite a bit of both, to the point where ordinarily it would take too long to be useful. A large network working on it, or a supercomputer, could probably break it without a huge delay.
The problem arises when "ransomware" would use such encryption that it would take decades even for several supercomputers to break.
- violentvinyl, on 10/12/2007, -0/+2 @nTensify
I couldn't imagine a 660 bit private key being found with a dictionary attack. I assume when they say "our analysts were able to add decryption routines for files which had been encrypted using this key" they're talking about hashes.
- lnxaddct, on 10/12/2007, -0/+2 A 660-bit key (assuming one computer would take 30 years to crack it) could be brute forced in 5 days using a 2048 node cluster of similar specs, and 2048 node clusters aren't exactly hard to come by for companies, in particular if they got a U.S. agency involved by arguing that it was a matter of national security. Hell, if they had access to a larger cluster (4096 nodes or even more) this could be done in no time. 660 bit keys haven't been considered secure for some time now.
- glinsvad, on 10/12/2007, -1/+3 660-bit means there are 2^660 ≈ 4.784065733063811E198 combinations. It can be done within reasonable limits if you have access to powerful computers.
Generally 1024-bit is considered safe since there are then 2^1024 ≈ 1.7976931348623157E308 combinations. Thus 1024-bit will on average require a factor of 3.7576681324381323E109 more time than 660-bit.
With the current computer power available to humanity, this brute force method would probably outlast the universe. However, computer power is still increasing so...
- OBKenobi, on 10/12/2007, -0/+2 Yes, through a series of transactions.
- violentvinyl, on 10/12/2007, -0/+2 @nartfocker
I think you read it wrong. "This latest variant used a 660 bit key, the longest key which has ever been broken." means it has been broken.
It's interesting to see the numbers on how long keys of different bit sizes take to crack, even more so though is the techniques they use to cut that time down. With a little math, one could exponentially cut down the time it takes to crack a given key length vs. the time it takes to brute force it (which can be years, even when distributed across tens of thousands of computers for a key length as small as 64 bit).
- nartfocker, on 10/12/2007, -0/+2 According to the original article (http://www.viruslist.com/en/analysis?pubid=191951869#gpcode), they say they "got lucky". Maybe they just paid the ransom?
- nTensify, on 10/12/2007, -0/+2 Not if they simply don't know the keys..
It makes no sense to me why a ransomware author would ever turn over the key, even if they did know it (and their code didn't simply hash the time the virus was run to the microsecond and encrypt against that key). Besides, torture's pretty messy, and it all can be avoided with hypervigilant backups.
- nTensify, on 10/12/2007, -0/+2 "According to the original article (http://www.viruslist.com/en/analysis?pubid=191951869#gpcode), they say they "got lucky". Maybe they just paid the ransom?"
Or they just used a dictionary and the key happened to be in it, thus they "got lucky" by already knowing the key.
That being said, they could start generating massive hash tables now for commonly used keys, but distributing those with their anti-virus solutions would really suck, and it would suck even more if they used incredibly complex hashing systems used to make keys of hundreds of characters mixed with things like "microsecond of virus running", numbers that won't be in any dictionary file (or any reasonable dictionary file for that matter).
- o0joshua0o, on 10/12/2007, -1/+2 This happened to me once. I had a toaster running Linux that got a bad case of ransomware. They threatened to keep burning my toast unless I sent them $25,000 USD.
- nartfocker, on 10/12/2007, -0/+1 Interesting: the original article doesn't actually say they broke the encryption. Perhaps they really did pay the ransom for the key?
"This latest variant used a 660 bit key, the longest key which has ever been broken. According to estimates, it would take at least 30 years using a 2.2 GHz computer to break such a key. But luck was on our side - our analysts were able to add decryption routines for files which had been encrypted using this key to antivirus databases within a single day. I won't go into details here; suffice it to say this particular decryption will go down as a milestone in computer virology."
- stygiansonic, on 10/12/2007, -0/+1 I'm not an expert in encryption/cryptography, but certain encryption systems can only use certain keys from a set. So, even if the "key length" is 660 bits or whatever (a huge number), for some systems only certain values from that set (e.g. prime numbers) can be used, so it's not as if all values are possible.
- Yaa101, on 10/12/2007, -0/+1 These people that make the extortionware better be careful; torture will probably be the way that keys will be released by them.
- FlyboyP, on 10/12/2007, -0/+1 None of us will ever see this on our desktops, e.g. a virus or worm. This kind of thing will be targeted at corporate data stores of high value.
- gbitten, on 10/12/2007, -0/+1 @glinsvad
Your key strength calculation is wrong. Asymmetric key strength isn't related to trying all possible keys by brute force but depends on certain mathematical problems such as integer factorization. So, RSA with 1024 bits is equivalent to an 80-bit symmetric key. See more here:
http://en.wikipedia.org/wiki/Key_size#Asymmetric_algorithm_key_lengths
- Dracker, on 10/12/2007, -0/+1 @sembetu
If it's a time bomb, and your backups have the virus.. set the clock back before restoring the backup.
Then update antivirus software which WILL have virus info enough to identify the executable, and back everything but THAT up, set clock forward, restore.
- Markie1006, on 10/12/2007, -0/+1 A more effective method would be to encrypt one random file every day for a month or two until the trigger date.
It would be extremely difficult to find, and how would you know how far to go back to make sure you got a clean version of everything?
- ditoa, on 10/12/2007, -0/+1 Yes and no. It is possible; however, if they are not in a "friendly" country there isn't much that can be done. The problem is this kind of stuff comes from poor countries and so governments see it as a type of white collar crime that is bringing money into the country. Nobody is hurt, just some people lose their family pictures, annoying but not the end of the world. Also, as the governments are almost always corrupt to some degree (this is true in every country) they tend to let it continue for a cut of the profits. It's a shame but that's why this stuff continues to happen. It's the same with spam.
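The backup question raised above by dudemcgee and Markie1006 (how far back to go when a variant quietly encrypts a few files per cycle, so every recent backup generation already contains some ciphertext) is one a defender can answer from the backups themselves. The following is an added example, not code from any commenter, from Digg or from the viruslist.com article: it walks successive backup generations, flags files whose content jumped from ordinary document entropy to the near-8-bits-per-byte entropy typical of ciphertext, and reports for each flagged file the last generation in which it was still plain. The file names, snapshot contents and threshold are constructed for the example.

```python
import math
from collections import Counter

ENTROPY_THRESHOLD = 7.5  # bits per byte; ciphertext sits close to the 8.0 maximum

def shannon_entropy(data: bytes) -> float:
    """Shannon entropy of a byte string in bits per byte (0.0 for empty input)."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())

def _ciphertext_like(seed: int, length: int = 512) -> bytes:
    # Constructed stand-in for an encrypted file: a permutation cycle over all
    # 256 byte values, so each occurs equally often and entropy is exactly 8.0.
    return bytes((i * 97 + seed) % 256 for i in range(length))

# Constructed backup generations, oldest first. photo.jpg stands in for an
# already-compressed file: high entropy from the start, so it must not trigger.
LETTER = b"Dear family, here are the holiday photos from last year. " * 10
BUDGET = b"month,rent,food\njan,900,310\nfeb,900,295\n" * 10
NOTES = b"call the dentist on tuesday\n" * 10
SNAPSHOTS = [
    {"letter.txt": LETTER, "budget.csv": BUDGET, "notes.txt": NOTES, "photo.jpg": _ciphertext_like(7)},
    # one file silently replaced with ciphertext
    {"letter.txt": _ciphertext_like(1), "budget.csv": BUDGET, "notes.txt": NOTES, "photo.jpg": _ciphertext_like(7)},
    # a second file follows some weeks later; the first stays encrypted
    {"letter.txt": _ciphertext_like(1), "budget.csv": _ciphertext_like(2), "notes.txt": NOTES, "photo.jpg": _ciphertext_like(7)},
]

def find_encrypted_transitions(snapshots, threshold=ENTROPY_THRESHOLD):
    """Map path -> (last_clean_gen, first_suspicious_gen) for each file whose
    entropy jumped from below the threshold to at or above it."""
    found = {}
    for gen in range(1, len(snapshots)):
        prev, cur = snapshots[gen - 1], snapshots[gen]
        for path, data in cur.items():
            if path in found or path not in prev:
                continue  # already flagged, or new in this generation
            if shannon_entropy(prev[path]) < threshold <= shannon_entropy(data):
                found[path] = (gen - 1, gen)
    return found

def restore_plan(snapshots, threshold=ENTROPY_THRESHOLD):
    """Generation to restore each current file from: the last clean generation
    for flagged files, the newest generation for everything else."""
    latest = len(snapshots) - 1
    flagged = find_encrypted_transitions(snapshots, threshold)
    return {path: flagged.get(path, (latest,))[0] for path in snapshots[latest]}
```

The transition test (low entropy then high) rather than a plain entropy cut-off is what keeps legitimately compressed or encrypted files such as photo.jpg out of the report; a file that was never seen in a plain state cannot be placed this way and has to be judged by other means.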
- Xiol, on 10/12/2007, -1/+1 How are the AV companies decrypting this data? I thought a 660-bit key was unbreakable?
- poetic, on 10/12/2007, -2/+2 Unfortunately this may be abused rhetorically to raise opinion against encryption, by making people believe (by association) that encryption is the cause of evil, and not weak security.
- joelthelion2, on 10/12/2007, -2/+1 This is such a stupid article: "The antivirus industry can't decrypt cryptography!" Nor can they recover your data if your HD burns in a fire or if aliens abduct your laptop.
That people digg this kind of stuff is beyond me.
- BobTurbo, on 10/12/2007, -3/+1 This story is stupid. Nobody cares if antivirus companies can't unencrypt the data. The virus could have just deleted the data, wow. That is like better than 1000000-bit encryption. Back up your data. It is freakin simple and easy.
- wvdavis, on 10/12/2007, -3/+1 These scumbags suck!
- sembetu, on 10/12/2007, -8/+4 You know, if I were the sort of prick who would dream up such malicious software, I would elect to have the virus delay the attack until after a specified time frame; I believe this is called a zero day attack. In any case, that would defeat even a backed up system, since more than likely you would have already backed up the virus.
- Yaa101, on 10/12/2007, -5/+0 Even if they don't know the keys, if I were head of a security service of a country then I would have no prohibition whatsoever on torturing the hell out of a person that jeopardises key tech fields and the economy.
- devJohn, on 10/12/2007, -10/+3 They're talking about the antivirus software having trouble decrypting the binaries of the viruses to properly detect them. Did you RTFA?
- devJohn, on 10/12/2007, -10/+1 Not exactly the newest technology, just more false hype. On September 25, 2000 there was a virus called Hybris ( http://www.tnl.net/who/bibliography/hybris/ ) ( http://www.symantec.com/security_response/writeup.jsp?docid=2001-011610-0848-99 ). The plugins were encrypted with a 128-bit RSA key but, unlike this article, it wasn't the end of antivirus viability. The fact of the matter is that some part of the virus has to be decrypted at some point to be run, and heuristics work to determine the behavior of viruses rather than a pattern that looks like one. If you have a good heuristics engine running on a system BEFORE any infection occurs then it shouldn't matter how encrypted it is.
- nTensify, on 10/12/2007, -15/+4 Right. That's worked /so good/ for us against Terrorists, it'll work great for data kidnappers.
This thing plus a major Windows Security Vulnerability will equal the end of Microsoft as we know it, especially if it spreads to proportions like that of any of the Worms of '04. Think it's about time we start investing in some major backup solutions..