Malware targeting GnuPG/PGP Keyrings
David Shaw
dshaw at jabberwocky.com
Thu Sep 25 22:29:09 CEST 2008
On Thu, Sep 25, 2008 at 03:56:25PM -0400, Robert J. Hansen wrote:
> David Shaw wrote:
> > It seems odd for a malware author to spend time going after such a
> > small "target market". Going after company-wide installs, perhaps?
>
> I would imagine the author thinks people with keyrings are high-value
> targets, who will be putting high-value secrets in encrypted mails. But
> that's just a guess on my part.
Sure, but the economics of it are interesting. A tiny fraction of
users even have PGP. Some fraction of those users use it for mail on
something approaching a regular basis, and some fraction of those
users are putting something that the malware author might care about
in a message.
It's not clear how big or small the fractions are, but the implication
is that the malware author must be very interested in a very few
messages... or the writing and distribution of this particular malware
was so easy that the small target space wasn't a worry... or some
graceful balance in between.
David
More information about the Gnupg-users
mailing list