‘Gauss’ – a new cyber-virus that monitors online banking accounts – has been discovered by Kaspersky Lab. It is believed to be targeting the Middle East.
What makes Gauss even more intriguing is that it is believed to be “a complex, nation-state sponsored cyber-espionage toolkit,” Kaspersky said in a statement carried by TMCnet.
In addition, its purpose is to steal sensitive data, with a focus on browser passwords, online banking account credentials, cookies, and specific configurations of infected machines.
According to Kaspersky, it was also designed to steal data from several Lebanese banks, including the Bank of Beirut, EBLF, BlomBank, ByblosBank, FransaBank and Credit Libanais. It also targets users of PayPal and Citibank, and it can steal credentials used to access online banking systems and payment methods.
Also, the Trojan in Gauss is not found in any previously-known cyber-weapons, Kaspersky added.
It was found by Kaspersky Lab in June and shares some traits with the Flame malware, such as similar architectural platforms, module structures, code bases and means of communication with command & control (C&C) servers.
The Gauss C&C infrastructure was shut down in July 2012 – a month after it was discovered. The malware is dormant and is waiting for its C&C servers to once again become active. The Gauss Trojan was blocked and remediated by Kaspersky Lab.
It is also suspected that Gauss began operations around September 2011. Since late May, more than 2,500 infections were recorded by Kaspersky Lab, with the estimated number of victims of Gauss in the tens of thousands. That’s more than Flame but less than Stuxnet.
Some 66 percent of the Gauss-infected Windows PCs are located in Lebanon, 19 percent in Israel and 10 percent in the region referred to as Palestine. The malware was named after the German mathematician Johann Carl Friedrich Gauss.
In a recent statement, Alexander Gostev, chief security expert at Kaspersky Lab, said, “Gauss bears striking resemblances to Flame, such as its design and code base, which enabled us to discover the malicious program. Similar to Flame and Duqu, Gauss is a complex cyber-espionage toolkit, with its design emphasizing stealth and secrecy; however, its purpose was different to Flame or Duqu. Gauss targets multiple users in select countries to steal large amounts of data, with a specific focus on banking and financial information.”
In a recent report, Computerworld suspects Gauss is connected to Stuxnet. Stuxnet was used to attack a nuclear fuel enrichment program in Iran. Some sector watchers speculate that the U.S. and/or Israeli governments were behind Stuxnet and Flame.
Edited by Jamie Epstein