A Terrorist Trojan called PGPcoder?

It looks like not only terrorists and kidnappers can take hostages, but trojans too. A trojan called Gpcode (also known as PGPCoder) encrypts user's files with certain extensions and then asks for a ransom to "fee" (decrypt) them. This trojan got some media attention during past 2 weeks. According to media reports the authorities are investigating the case.
Luckily the trojan had a very simple encryption algorithm, so some AV companies were able to create a decryptor for the encrypted files (see www.f-secure.com) . You can find more info also at http://vil.nai.com/vil/content/v_133901.htm
Please note that this is NOT the first time we see some trojan like this. I hope everybody remembers the Aids Info Disk/PC Cyborg Trojan in 1989 where the writer also asked a ransom to decrypt ... seems that everybody especially the media has forgotten this one .. I haven't, as this was my first real Trojan I got in my hands. I started to work with viruses after this incident. Have a look at my press page ... http://www.anti-malware.info/press.htm and go to 'Eddy on television' to view my first interview concerning this.

Paris by night

... With Francois Paget (AVERT McAfee) ...The Eiffel Tower

Visiting McAfee France

Restaurant Au Vieux Paris d' Arcole with my friend Francois Paget (AVERT McAfee)

Visiting McAfee France

Paris La Defense...

Sober.q active now ...

In the meantime Sober.q or whatever you name it ... has become active, instead of sending copies it's sending spam messages now. This is quite the opposite from the message the Sober author included in his latest creation. These spam messages link to right winged articles. So in a way we're seeing the same story as with Sober.g again. Sober.g downloaded Sober.h, Sober.h in turn also sent out spam.

Microsoft nearly ready to offer Anti-Virus for home users.

Microsoft is readying a new consumer security product that offers virus and spyware protection, a new firewall and several tune-up tools for Windows PCs, a move that pits the software giant squarely against traditional security software vendors. The product, dubbed Windows OneCare, will be tested internally at Microsoft starting this week. A public test, or beta, version is scheduled to be available by year's end, Microsoft said in a statement this week. The final product will be offered as a subscription service, the Redmond, Washington, software maker says. OneCare marks Microsoft's long-anticipated entry into the antivirus space, until now the domain of specialized vendors such as Symantec, McAfee, and Trend Micro. Microsoft announced its intent to offer antivirus products two years ago when it bought Romanian antivirus software developer GeCAD Software SRL. But OneCare will do more than guard against viruses and worms. The product also will include spyware protection and a new firewall that scans incoming and outgoing traffic. The firewall already included in Windows scans only incoming traffic. Microsoft acquired anti-spyware technology late last year from Giant Company Software. A beta of a stand-alone anti-spyware product has been available since January. That technology will be part of OneCare, company representatives say. Additionally, OneCare will offer improved backup and restore capabilities and easy access to PC maintenance tools already in Windows for file repair, hard drive clean up, and hard drive defragmentation, Microsoft says.
OneCare is targeted at consumers, not businesses. Microsoft is especially looking to target the 70 percent of consumer PC users who don't have protection because current offerings are too complex or take too much time to manage. OneCare includes a PC "health meter" similar to the Windows Security Center in Windows XP Service Pack 2. The health meter will display green, yellow, or red to indicate the state of the PC and OneCare will help users take action, if needed.

Back home ...

The EICAR conference was a success. Over 100 participants, good papers and a wonderful venue. The only strange thing was the outbreak of Sober.P during the conference, the third in one row.. coincidence ? .. If we know more I'll let you know... let's see next year or let's have a look to the other upcoming conferences this year. We got some press coverage of the complete conference at our press page http://www.anti-malware.info/press.htm . If you understand Maltese you can even follow the piece we've got in the News of Malta PBS TV. Next year the conference venue will be possibly Germany.

After the conference

The Temple of Hagar Qim(3500 BC) and I...

Eicar 2005

The closing panel session (stageview)

Outbreak during Eicar conference

For the third time during the conference we got an outbreak, this time a small one called Sober.P ... I predicted this ... Read my Blog

Eicar 2005 picture...

Lunchtime

Eicar 2005 in the press

Speech by Hon. Austin Gatt, Min. for IT...Afterwards I was interviewed by a local TV station PBS ... more later!

Eicar 2005

Meet the expert reception with David Perry from Trendmicro

Eicar 2005 exploded

Just before the real start...

Eicar 2005 in the picture.

The food...