It appears malware authors are getting more and more innovative in their approach to profiting from their activities. Kaspersky Labs have recently come across a new variant of the "Gpcode" virus. This little bastard first encrypts various file formats it finds on your computer, then drops a vbs file which deletes the primary executable, and subsequently recommends you email the author with a unique ID that will allow him to decrypt your files, a service for which you will be charged a sum at his/her whim.
For the previous 7 variants, the author has used RC4 to encrypt the files, and then encrypted the RC4 key with variable bit length RSA. The latest variant has moved up to using 1024 bit RSA, and now uses various emails to facilitate extortion of payment.
This virus seems to be proliferating at such an alarming rate that Kaspersky have taken the unprecedented step of asking the public for help in determining how best to combat this virus, and are even asking for suggestions on how to approach factorization of the keys. Providing that a fundamental weakness is not present in any aspect of implementation, the keys are, practically speaking, unbreakable.
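To make the caveat about implementation weaknesses concrete, here is an added illustration. It is not code from this post and not a description of how Gpcode actually behaves. It assumes a hypothetical implementation that reuses one RC4 key for several files; in that case a file that also survives in unencrypted form (for example in a backup) gives up the keystream, and the RSA-protected key never has to be factored. All names and sample data are constructed.

```python
# Added illustration (assumption: one RC4 key reused across files).
# Not Gpcode's code; sample data below is constructed.

def rc4_keystream(key: bytes, n: int) -> bytes:
    """Return n bytes of RC4 keystream (key schedule, then output loop)."""
    s = list(range(256))
    j = 0
    for i in range(256):
        j = (j + s[i] + key[i % len(key)]) % 256
        s[i], s[j] = s[j], s[i]
    out = bytearray()
    i = j = 0
    for _ in range(n):
        i = (i + 1) % 256
        j = (j + s[i]) % 256
        s[i], s[j] = s[j], s[i]
        out.append(s[(s[i] + s[j]) % 256])
    return bytes(out)

def xor(a: bytes, b: bytes) -> bytes:
    """XOR two byte strings, truncating to the shorter one."""
    return bytes(x ^ y for x, y in zip(a, b))

def rc4(key: bytes, data: bytes) -> bytes:
    """RC4 encryption and decryption are the same operation."""
    return xor(data, rc4_keystream(key, len(data)))

def recover_with_known_pair(known_plain, known_cipher, target_cipher):
    """Recover a second file encrypted under the same RC4 key.

    Only the first len(known_plain) bytes of the target are recoverable,
    so the known file should be at least as long as the target.
    """
    keystream = xor(known_plain, known_cipher)  # P xor C = keystream
    return xor(target_cipher, keystream)

def demo() -> bytes:
    # Stands in for the RC4 key that the RSA layer protects; the
    # recovery below never uses it.
    key = b"constructed-session-key"
    backup_copy = b"Quarterly report template, unchanged since last backup."
    lost_file = b"Customer list: alice, bob, carol"
    c_known, c_lost = rc4(key, backup_copy), rc4(key, lost_file)
    return recover_with_known_pair(backup_copy, c_known, c_lost)

if __name__ == "__main__":
    print(demo())
```

If each file gets its own fresh key, or the cipher is used correctly in every other respect, this shortcut does not exist and recovery depends on the RSA private key.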
I suppose it just goes to show that the mind of a good programmer is always seeking more efficient ways of achieving its goal.
More info here, and here
Added some extra info