encryption ransom virus (was Re: cross-OS transparent encryption)

Erpo erpo41 at hotpop.com
Wed Jun 8 22:01:08 CEST 2005


On Tue, 2005-06-07 at 05:12 -0600, Henry Hertz Hobbit wrote:
> I will caution you that at one time RedHat put in support for the
> NTFS file system 
[...]

The old NTFS driver may have caused problems when partitions were
mounted read-write. However, the new NTFS driver doesn't do that. Unless
you set a configuration option when the driver is compiled, the driver
will not write to the partition even if the kernel tries to mount it R/W
and the user has correct permissions. When the writable flag is enabled
during compilation, the driver enables OVERWRITE support, which is not
the same thing as write support. Overwrite support is supposed to be
completely safe, but it's not nearly as useful as actual write support
in most cases.

But that's not what this thread is about. There are plenty of web pages
out there describing all the details of how to (try to) get Windows and
Linux to share information, and some of the methods work well enough.
The original poster wanted transparent encryption that's compatible with
both OSs, and AFAIK software isn't currently mature enough to support
that. It would require huge advances in the NTFS driver, a version of
DM-Crypt for Windows, or something completely new.

Unless there's some other option out there that hasn't already been
mentioned, in which case I think a lot of people would be interested,
particularly Hernan and me.

> ENCRYPTION IS USED BY A TROJAN:
> ===============================
> I thought you would all like to hear that a Trojan Horse is now using
> encryption to encrypt people's files and hold them for ransom:
> 
> http://www.pcmag.com/article2/0,1759,1821782,00.asp
> http://securityresponse.symantec.com/avcenter/venc/data/trojan.gpcoder.html
> 
> Now unlike that judge who found the mere presence of PGP on the person's
> machine (I would have loved being a member of the jury to show the judge
> just how ignorant he was) as indication of illegal activity, this IS an
> illegal use of encryption!  I am amazed they even caught it at all, and
> evidently a bat file deleting itself is okay now.

That's a pretty obnoxious virus, judging from the description. Still,
there's something odd about the phrase "illegal use of encryption". I'm
going to have to think more about that.


Thanks,

Eric





