Full Disclosure mailing list archives
Who's Behind the GPcode Ransomware?
From: "Dancho Danchev" <dancho.danchev () gmail com>
Date: Tue, 10 Jun 2008 16:29:17 +0300
Hello,

The following is an OSINT analysis aiming to assist in tracking down the malware authors behind GPcode, who seem to be building custom decryptors, next to issuing a universal one which can be used to decrypt anything ever encrypted by them.

Who's behind the GPcode ransomware? It's Russian teens with pimples, using E-gold and Liberty Reserve accounts, running three different GPcode campaigns, two of which request either $100 or $200 for the decryptor, and communicating from Chinese IPs.

Here are all the details regarding the emails they use, the email responses they sent back, the currency accounts, as well as their most recent IPs used in the communication.

http://ddanchev.blogspot.com/2008/06/whos-behind-gpcode-ransomware.html
http://blogs.zdnet.com/security/?p=1259

Regards

--
Dancho Danchev
Cyber Threats Analyst/Blogger
http://ddanchev.blogspot.com
http://blogs.zdnet.com/security
http://windowsecurity.com/Dancho_Danchev