[125786] in cryptography@c2.net mail archive


Re: Ransomware

daemon@ATHENA.MIT.EDU (The Fungi)
Wed Jun 11 10:26:21 2008

Date: Tue, 10 Jun 2008 23:40:51 +0000
From: The Fungi <fungi@yuggoth.org>
To: cryptography@metzdowd.com
Mail-Followup-To: cryptography@metzdowd.com
In-Reply-To: <484F0334.6070209@gmx.co.uk>

On Tue, Jun 10, 2008 at 11:41:56PM +0100, Dave Howe wrote:
> The key size would imply PKI; that being true, then the ransom may
> be for a session key (specific per machine) rather than the
> master key it is unwrapped with.

Per the computerworld.com article:

   "Kaspersky has the public key in hand -- it is included in the
   Trojan's code -- but not the associated private key necessary to
   unlock the encrypted files."

http://www.computerworld.com/action/article.do?command=viewArticleBasic&articleId=9094818

This would seem to imply they already verified the public key was
constant in the trojan and didn't differ between machines (or that
I'm giving Kaspersky's team too much credit with my assumptions).
-- 
{ IRL(Jeremy_Stanley); PGP(9E8DFF2E4F5995F8FEADDC5829ABF7441FB84657);
SMTP(fungi@yuggoth.org); IRC(fungi@irc.yuggoth.org#ccl); ICQ(114362511);
AIM(dreadazathoth); YAHOO(crawlingchaoslabs); FINGER(fungi@yuggoth.org);
MUD(fungi@katarsis.mudpy.org:6669); WWW(http://fungi.yuggoth.org/); }
