Extortion Virus Code Cracked
Billosaur writes "BBC News is reporting that the password to the dreaded Archiveus virus has been discovered and is now available to anyone who needs it. Archiveus is a 'ransomware' virus, which combines files from the My Documents folder on Windows machines and exchanges them for a single, password-protected file, which it will not unlock unless a password is given. The user would normally be required to pay the extortionist money in order to receive the password, but apparently the virus writer made one small, critical error in coding: placing the password in the code. BTW, the 30-digit password locking the files is mf2lro8sw03ufvnsq034jfowr18f3cszc20vmw."
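The summary's point is that the author defeated his own scheme by hard-coding the password, and recovering such a literal from a sample is a routine analysis step. The following Python is an added example, not code from the article or anyone in the thread: a `strings`-style scan plus a Shannon-entropy filter run over a constructed byte blob (the header bytes, import names, path, URL and note text are all made up; only the embedded 38-character password is the one quoted above).

```python
import math
import re

# Constructed sample "binary" (not the real Archiveus file): PE-style header
# bytes, ordinary strings, a long low-entropy padding run, and the password
# quoted in the Slashdot summary embedded as a plain literal.
ARCHIVEUS_PASSWORD = "mf2lro8sw03ufvnsq034jfowr18f3cszc20vmw"
SAMPLE_BINARY = (
    b"MZ\x90\x00\x03\x00\x00\x00\x04\x00\x00\x00\xff\xff\x00\x00"
    b"kernel32.dll\x00CreateFileA\x00WriteFile\x00"
    b"\\My Documents\\*.*\x00"
    b"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA\x00"
    b"Pay to receive the password for your files.\x00"
    b"http://pharmacy.invalid/order\x00"
    b"\x01\x02\x7f\x80\x81\xfe"
    + ARCHIVEUS_PASSWORD.encode()
    + b"\x00\x90\x90\xcc\xcc"
)


def shannon_entropy(data: bytes) -> float:
    """Bits of entropy per byte; a 38-char key drawn from ~20 symbols scores ~4.2."""
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in (data.count(b) for b in set(data)))


def printable_strings(blob: bytes, min_len: int = 8) -> list[bytes]:
    """Equivalent of `strings -n <min_len>`: maximal runs of printable ASCII."""
    return [m.group() for m in re.finditer(rb"[\x20-\x7e]{%d,}" % min_len, blob)]


def candidate_secrets(blob: bytes, min_len: int = 20, min_entropy: float = 3.5) -> list[str]:
    """Flag long, alphanumeric, high-entropy strings as possible hard-coded keys.

    Heuristic only: the alphanumeric test drops paths, URLs and prose (they carry
    spaces or punctuation), and the entropy floor drops padding or repeated bytes.
    """
    hits = []
    for s in printable_strings(blob, min_len):
        if not re.fullmatch(rb"[A-Za-z0-9]+", s):
            continue
        if shannon_entropy(s) >= min_entropy:
            hits.append(s.decode("ascii"))
    return hits


if __name__ == "__main__":
    for hit in candidate_secrets(SAMPLE_BINARY):
        print(f"possible embedded key ({shannon_entropy(hit.encode()):.2f} bits/char): {hit}")
```

On a real sample the same pass produces false positives (base64 blobs, resource names), so the output is a shortlist for a human, not a verdict.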
Re:Just wait... (Score:5, Interesting)
In fact the whole idea of cryptography revolves around the encryption algorithm telling you nothing about a method to decrypt the data it encrypts (at least without a certain key). These are called trapdoor one-way functions.
The most realistic way I can think of writing such a virus would be to provide an encryption algo in the virus and then provide a decryption program when the intended victim has paid you the money. Now aren't you glad I'm not writing viruses?
Obvious problem (Score:5, Interesting)
Eventually you're gonna piss off the wrong person.
Imagine the DoD or the CIA getting hit with this. They look up the registrar of the sites you are supposed to buy the drugs from. They then go visit that registrar's main office (borders, what borders? we're the CIA, we've never paid attention to sovereignty in the past). They politely ask the registrar to hand over all information on the person paying for the domain name (for the definition of polite which involves pointing guns at and kicking people in the head). Once they know who is paying for the web sites (credit info/check info), they visit that person and politely ask for the password to unlock the virus (same definition of polite).
If it's the DoD which gets hit, replace CIA with a Navy SEAL team.
Re:Wrong (Score:3, Interesting)
First up, a man in the middle attack requires that someone spot the virus on its way to your computer and re-write the public key parts. So, not really an issue here. Mostly, the poster appears to be confused with using public keys for verifying identity.
Problem is, however, that the same private key would unlock all ransomed files. The virus actually needs to be able to get a new public key for each computer it infects, which means having a remote site accessible for it to register with, and request a new key from.
I'm assuming fairly standard RSA here. There is the possibility that someone could make a more complex cipher; so you start with a private/public key, and the virus carries the public key. On arrival at a system, it generates another public/private key pair, from the public key, which it would encrypt the files with, then destroys the private key. The public key it just generated would then be sent back with payment, the virus author creates a unique decryption key from that public key, and their private key, and sends it in turn back. Hell, it may be possible to do this with RSA, I'm not that much into crypto.
Luckily, anyone bright enough to figure that all out can probably earn plenty of money legally.
Going back to stuff I should be doing, now.
Re:Arrest? (Score:3, Interesting)
When spammers send out e-mails they're not looking for responses, and don't particularly care if people can get back to them. They're pointing them to websites.
This guy was probably taking payment online via some online system. Depending where it's based, it's possible they could get the records and track this guy down.
Re:Just wait... (Score:5, Interesting)
As a loyal slashdot member, I had not bothered to read the article before posting. I actually did go back and read it, and you'll never guess how the ransom is paid. The victims are asked to go buy drugs at one of three online "pharmacies". Curious, eh?
Major flaw (Score:2, Interesting)
There is a major flaw with the whole ransomware idea, and it is that they are actually the most benign kind of virus. They just encrypt your files instead of deleting them? If someone's information is important enough to be worth paying to recover, it should already have a backup copy.
Then the real problem for the hacker is getting the money without losing his secret identity.
Re:My Lord what are we coming to (Score:2, Interesting)
Well, that's how I would have done it (or tried to do it). For that matter: why isn't GPG as mainstream as milk?
Re:What relief! (Score:4, Interesting)
Unfortunately, you cannot use it. To do so would be to circumvent an effective access control method. That, in turn, would put you in violation of the DMCA.
I'm not joking. I'm serious. You are breaking the law if you use this code without having gotten it from the virus writer. Draw your own conclusion about the DMCA from that.
I'm not a lawyer. This is not legal advice.