Gauss Hard to Decode, Kaspersky Looks for Help!

Gauss, the newly discovered malware, seems to be getting on the nerves of researchers at Kaspersky Lab, as the security firm asks the community whether anyone can help decrypt the virus’s payload.

Kaspersky said that the hackers who created Gauss shut down its command and control servers before the firm could track them down. This is the main reason the firm has trouble decoding details about the virus.

In a statement, Aleks Gostev, chief security expert of Kaspersky’s global research and analysis team, reveals that the idea and purpose of Gauss remain a mystery to the researchers. He further stated that the cryptography and precautions the authors used to hide the payload of this malware could mean that it is meant to target high-profile users.

Gostev also explained that, in order to understand the virus, it is essential to decrypt Gauss. He also revealed that the payload of Gauss contains code that could be used for cyber-sabotage, like Stuxnet’s SCADA code.

The destructive malware Gauss, which was discovered by Kaspersky earlier this month, aimed to spy on the banking passwords and transactions of computers in the Middle East, specifically in Lebanon. The banks the virus attacked include Bank of Beirut, EBLF, BlomBank, ByblosBank, FransaBank, and Credit Libanais. The malware also targets Citibank and PayPal, the only non-Lebanese institutions on its list.

The virus is believed to be directly related to Flame, and is also said to be a descendant of Stuxnet and Duqu.

Gauss is designed to steal financial information, browser passwords, system configurations, cookies, and more. Just like Stuxnet, this virus can also be passed from computer to computer by infecting USB drives.

Researchers at Kaspersky clarified that the payload of Gauss resides in the USB data-stealing module. This payload, they said, is always on the lookout for a particular folder in Program Files whose name begins with an extended character, such as an Arabic or Hebrew one. Once such a folder is found and the other system conditions are met, Gauss decrypts its payload and infects the computer.

So far, Gauss is believed to have infected more than 2,500 computers.


Determine Gauss Virus With Two Tools! Read to Find Out…

Gauss, the destructive virus found a few days ago, has hit the headlines worldwide, as the malware has been spying on users’ banking transactions, social networking, and email passwords. The main focus of the Gauss virus is stealing access credentials for Lebanese banks. Following its discovery by Kaspersky Lab, researchers at security firms have now identified tools that can help detect Gauss early. Let’s take a look at these tools to avoid becoming a victim of this virus.

The Gauss virus is a piece of malware whose main focus is stealing users’ bank account login details. The banks this virus attacked include the Bank of Beirut, BlomBank, EBLF, ByblosBank, Credit Libanais, and FransaBank. Not only that, this malware can also steal information for Citibank and PayPal.

If you think that is all, don’t underestimate this virus: it can also grab users’ browser history, cookies, passwords, system configurations, and more.

Researchers at the security firms Kaspersky Lab and CrySyS Lab could not get much information about the builders themselves because of the shutdown of the command and control servers, which also left Gauss at a midpoint. It could take days or months to unravel it and find the builders.

Gauss is believed to be a descendant of a number of high-profile viruses, such as Stuxnet, which became famous after the attack on nuclear plants in Iran in 2010, and Duqu, its sister malware. The Gauss virus is also related to the recently recognized Flame, which has become known as a major advancement in cyberespionage.

Closely related, Gauss and Flame share almost the same features. Both viruses were built from the same code base. Kaspersky says the creators of the Stuxnet virus possibly worked closely with those of Gauss and may even have shared source code.

As per Kaspersky, the easiest and most reliable way to detect the Gauss virus is to download and install the security company’s anti-virus solution, or to use the Kaspersky Virus Removal Tool, which can be downloaded free of charge.

However, there is also a quick way to detect Gauss on a computer in case the download is not available for some reason. The entire system can be checked using a webpage from CrySyS, a Hungarian research lab. The lab also has a web-based method to check your system for the Palida Narrow font.

You can visit the link at http://gauss.crysys.hu.
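The two host-side indicators the articles describe (the Palida Narrow font dropped by one Gauss module, and a Program Files folder whose name starts with an extended character, the trigger condition for the encrypted payload) can be checked locally without the web page. The script below is an added example for this post, not Kaspersky’s or CrySyS Lab’s code. It assumes the font lands as a file in the Windows Fonts directory and treats "extended character" as any first character outside 7-bit ASCII; both are assumptions, and the folder check will also match benign localized software, so hits are triage leads rather than verdicts.

```python
import os
from typing import Iterable, List

# Indicators taken from the articles above (added example, not vendor code):
#  1. a font named "Palida Narrow" installed by one Gauss module
#  2. a folder in Program Files whose name begins with an "extended"
#     (non-ASCII, e.g. Arabic or Hebrew) character, the payload trigger
FONT_INDICATOR = "palida narrow"


def starts_with_extended_char(name: str) -> bool:
    """True if the first character lies outside 7-bit ASCII.

    Assumed reading of 'begins with an extended character'; it will also
    flag legitimate localized folder names, so treat a hit as a lead only.
    """
    return bool(name) and ord(name[0]) > 0x7F


def find_extended_dirs(dir_names: Iterable[str]) -> List[str]:
    """Return, sorted, the folder names whose first character is non-ASCII."""
    return sorted(n for n in dir_names if starts_with_extended_char(n))


def find_font_indicator(font_files: Iterable[str]) -> List[str]:
    """Return font file names mentioning Palida Narrow.

    Case-insensitive and space-insensitive, so 'PalidaNarrow.ttf' matches too.
    """
    needle = FONT_INDICATOR.replace(" ", "")
    return sorted(
        f for f in font_files
        if needle in os.path.basename(f).replace(" ", "").lower()
    )


def scan_host() -> dict:
    """Run both checks against the live Windows host (empty results elsewhere).

    Assumes the font is present as a file under %WINDIR%\\Fonts; a font that
    is only registered in the registry would not be seen by this check.
    """
    roots = [os.environ.get("ProgramFiles"), os.environ.get("ProgramFiles(x86)")]
    fonts_dir = os.path.join(os.environ.get("WINDIR", r"C:\Windows"), "Fonts")
    dirs = []
    for root in filter(None, roots):
        if os.path.isdir(root):
            dirs.extend(d for d in os.listdir(root)
                        if os.path.isdir(os.path.join(root, d)))
    fonts = os.listdir(fonts_dir) if os.path.isdir(fonts_dir) else []
    return {"extended_dirs": find_extended_dirs(dirs),
            "font_hits": find_font_indicator(fonts)}


# Constructed sample data for an offline dry run (not from a real host).
SAMPLE_DIRS = ["Microsoft Office", "Common Files",
               "\u0639\u0631\u0628\u064a",      # Arabic-named folder
               "\u05e9\u05dc\u05d5\u05dd",      # Hebrew-named folder
               "7-Zip"]
SAMPLE_FONTS = ["arial.ttf", "Palida Narrow.ttf", "tahoma.ttf"]

if __name__ == "__main__":
    print("dry run:", find_extended_dirs(SAMPLE_DIRS), find_font_indicator(SAMPLE_FONTS))
    print("this host:", scan_host())
```

On a non-Windows machine only the dry run on the constructed sample produces output; on Windows, a non-empty `font_hits` list is the stronger signal, while `extended_dirs` mainly tells you whether the trigger condition the researchers describe would be satisfied on that host.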


Meet Gauss: the Recent Malware Linked with Stuxnet, Flame

Researchers on Thursday revealed the name of a new kind of malicious software that they recently discovered. Named Gauss, this malware seems to have descended from the same state-sponsored program that is also known for producing viruses such as Stuxnet and Flame.

The researchers believe that this malware shares the same features as the earlier identified viruses that were aimed at computers attached to Iran’s nuclear program. This new software, Gauss, is designed particularly to lift information such as customer data from banks, as well as from PayPal and Citibank, in Lebanon.

It is believed that the earlier detected viruses, Stuxnet and Flame, were developed by the United States and Israel.

Gauss was discovered while researchers were looking for variants of Flame. The name Gauss comes from the main module in the program, which appears to be named after the German mathematician Carl Friedrich Gauss. Other portions of the program are also named after famous mathematicians. The program began circulating as early as September.

So far, Kaspersky Lab, the Russian cybersecurity firm, has found about 2,500 infections but believes there may be tens of thousands worldwide. Besides finding the malware in Lebanon, researchers found it in Israel and the Palestinian territories.

How Gauss is transmitted from computer to computer remains unclear. Because the virus can’t spread on its own, it has not yet affected as many computers as Stuxnet. What it can do is download monitoring software onto portable USB drives to gather information from uninfected machines. This gives Gauss the chance to profile computers that are not connected to the Internet.

It is also believed that Gauss was designed only for surveillance. Unlike Stuxnet, which destroyed centrifuges at the heart of Iran’s nuclear program, it wasn’t made to cause physical damage. But researchers still have to crack sections of Gauss’s code that could hide destructive capabilities.

Researchers said there is a module in Gauss that installs a font under the curious name “Palida Narrow.” That file does not contain malicious code, but there is speculation that its name hints at a destructive payload.
