Kaspersky Lab has announced details of their encounter with the writer of the Gpcode blackmailer virus. According to Kaspersky Lab, users are careless about protecting their PCs from malware.


Gpcode spread through an email that was originally written in Russian.

The email claimed to be a response to a resume that the user had posted on the job.ru website and told the user about a job opportunity at a company.

The email invited the user to fill in an application form attached to the email if the user was interested in the job.

The attachment is an MS Word document called anketa.doc. The file contains a malicious program called Trojan-Dropper.MSWord.Tored.a. When a user opens the attachment, the program installs another malicious Trojan called Trojan-Downloader.Win32.Small.crb on the user’s PC.

The downloader Trojan then downloads Gpcode and installs it on the user’s PC.

Gpcode scans the files on a computer and encrypts files with extensions including .txt, .xls, .rar, .doc, .html and .pdf. The Trojan also encrypts mail client databases.

The Trojan places a file called readme.txt in every folder that contains encrypted files. The text file instructs the user on how to buy a decoder for the encrypted files.
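The behaviour described above leaves a recognisable footprint for incident triage: a readme.txt sitting next to files with the targeted extensions. The following sketch is an added example, not code from Kaspersky Lab or the original article; the function names, the entropy threshold and the choice to entropy-test only .txt and .html files are assumptions made for illustration.

```python
import math
import os
from collections import Counter

# Extensions the article lists as Gpcode targets (the article says "including",
# so this list is not exhaustive).
TARGET_EXTS = {".txt", ".xls", ".rar", ".doc", ".html", ".pdf"}
# Formats that are plain text when intact, so high entropy is suspicious there.
# .rar and .pdf are skipped: they are usually compressed and high-entropy anyway.
TEXT_EXTS = {".txt", ".html"}
NOTE_NAME = "readme.txt"    # ransom note name given in the article
ENTROPY_THRESHOLD = 7.0     # assumed cut-off in bits per byte, not from the article


def shannon_entropy(data: bytes) -> float:
    """Bits per byte: roughly 4-5 for plain text, close to 8 for encrypted data."""
    if not data:
        return 0.0
    total = len(data)
    return -sum(c / total * math.log2(c / total) for c in Counter(data).values())


def triage(root: str, sample_size: int = 65536) -> list[dict]:
    """Return one record per folder that holds a readme.txt next to target files."""
    findings = []
    for folder, _dirs, files in os.walk(root):
        names = {f.lower(): f for f in files}
        if NOTE_NAME not in names:
            continue
        targets, suspicious = [], []
        for lower, real in sorted(names.items()):
            ext = os.path.splitext(lower)[1]
            if lower == NOTE_NAME or ext not in TARGET_EXTS:
                continue
            targets.append(real)
            if ext in TEXT_EXTS:
                with open(os.path.join(folder, real), "rb") as fh:
                    if shannon_entropy(fh.read(sample_size)) > ENTROPY_THRESHOLD:
                        suspicious.append(real)
        if targets:
            findings.append({"folder": folder, "targets": targets,
                             "high_entropy_text": suspicious})
    return findings
```

A readme.txt on its own is common and benign, so a hit only becomes interesting when the same folder also holds text files that no longer look like text.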
