Malware targeting GnuPG/PGP Keyrings

David Shaw dshaw at
Thu Sep 25 22:29:09 CEST 2008

On Thu, Sep 25, 2008 at 03:56:25PM -0400, Robert J. Hansen wrote:
> David Shaw wrote:
> > It seems odd for a malware author to spend time going after such a
> > small "target market".  Going after company-wide installs, perhaps?
> I would imagine the author thinks people with keyrings are high-value
> targets, who will be putting high-value secrets in encrypted mails.  But
> that's just a guess on my part.

Sure, but the economics of it are interesting.  A tiny fraction of
users even have PGP.  Some fraction of those users use it for mail on
something approaching a regular basis, and some fraction of those
users are putting something that the malware author might care about
in a message.

It's not clear how big or small the fractions are, but the implication
is that the malware author must be very interested in a very few
messages... or the writing and distribution of this particular malware
was so easy that the small target space wasn't a worry... or some
graceful balance in between.


More information about the Gnupg-users mailing list