J-Security Center

Virus.Win32.GPCode.f, .g, .h, .i


27 Jun 2005 14:58:00 +0300

Kaspersky Lab has detected several infections caused by new modifications of Virus.Win32.GPCode. So far, information has only been received from Russian users. Four new modifications have been added to Kaspersky Anti-Virus databases.

This program can encrypt data files with extensions such as .txt, .xls, .rar, .doc, .html, .pdf, etc. Encrypted files contain the word 'PGPCoder' at the beginning of the file. Folders which contain encrypted files will also contain a file named readme.txt. The contents of readme.txt are given below, although the email address may differ:



Some files are coded.
To buy decoder mail: md731@yandex.ru
with subject: PGPcoder md73

If the user sends a message to the address contained in the text file, they will receive an answer saying that files can be decrypted for payment, and a sum will be named.



Kaspersky Lab strongly recommends that users should not attempt to make contact or pay any money for the 'decoder', as this is effectively blackmail. All the newest modifications of Virus.Win32.GPCode are detected by the latest Kaspersky Anti-Virus databases. Users simply need to update antivirus databases and run a full scan of the computer's hard disk in order to decrypt encrypted files.
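
The two indicators described above (the 'PGPCoder' marker at the start of encrypted files and the readme.txt note left in each affected folder) are enough to scope which folders were hit. The triage script below is an added example, not part of the original advisory; the function names, the ASCII encoding and case-insensitive comparison of the marker, and the sample tree with its placeholder address are assumptions constructed for illustration.

```python
import os
from pathlib import Path

# Assumption: marker is plain ASCII at offset 0; case-insensitive (note spells it "PGPcoder").
MARKER = b"pgpcoder"
NOTE_NAME = "readme.txt"
NOTE_PHRASES = (b"some files are coded", b"pgpcoder")

def _head(path, size):
    """Return the first `size` bytes lower-cased, or b"" if the file is unreadable."""
    try:
        with open(path, "rb") as fh:
            return fh.read(size).lower()
    except OSError:
        return b""

def has_marker(path):
    return _head(path, len(MARKER)) == MARKER

def is_ransom_note(path):
    head = _head(path, 4096)
    return all(phrase in head for phrase in NOTE_PHRASES)

def triage(root):
    """Map each affected folder (relative to root) to its marked files and note flag."""
    findings = {}
    for folder, _dirs, files in os.walk(root):
        marked, note = [], False
        for name in sorted(files):
            path = os.path.join(folder, name)
            if name.lower() == NOTE_NAME and is_ransom_note(path):
                note = True  # the note itself is not an encrypted file
            elif has_marker(path):
                marked.append(name)
        if marked or note:
            findings[Path(folder).relative_to(root).as_posix()] = {"marked": marked, "note": note}
    return findings

def build_sample(root):  # constructed sample tree, not real malware output
    files = {
        "docs/report.doc": b"PGPCoder" + bytes(range(32)),
        "docs/readme.txt": b"Some files are coded.\nTo buy decoder mail: user@example.invalid\nwith subject: PGPcoder 0000\n",
        "clean/notes.txt": b"meeting notes",
        "clean/readme.txt": b"Ordinary project readme",
    }
    for rel, data in files.items():
        target = Path(root, rel)
        target.parent.mkdir(parents=True, exist_ok=True)
        target.write_bytes(data)
```

Calling `triage()` on a mounted copy of the affected disk gives the list of folders and files to check again after the antivirus scan has run.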