Gauss - new nation state sponsored banking Trojan

tomazyk · Aug 9, 2012

Gauss is a nation state sponsored banking Trojan which carries a warhead of unknown designation. Besides stealing various kinds of data from infected Windows machines, it also includes an unknown, encrypted payload which is activated on certain specific system configurations.
Click to expand...

More here: http://www.securelist.com/en/blog/2...state_cyber_surveillance_meets_banking_Trojan

EDIT: and here is detailed analysis: http://www.securelist.com/en/analysis/204792238/Gauss_Abnormal_Distribution

siljaline · Aug 9, 2012

See also: https://www.wilderssecurity.com/showthread.php?t=325011

Flame and Stuxnet Cousin Targets Lebanese Bank Customers, Carries Mysterious Payload.

A newly uncovered espionage tool, apparently designed by the same people behind the state-sponsored Flame malware that infiltrated machines in Iran, has been found infecting systems in other countries in the Middle East, according to researchers.

The malware, which steals system information but also has a mysterious payload that could be destructive against critical infrastructure, has been found infecting at least 2,500 machines, most of them in Lebanon, according to Russia-based security firm Kaspersky Lab, which discovered the in June and published an extensive analysis of it on Thursday.
Click to expand...

Calls to curb cyber espionage after state-sponsored attack targets Lebanon

The international community has been urged to act quickly to curb cyber espionage after security researchers discovered the latest state-sponsored attack targeting financial systems in Lebanon.

Thousands of people in the Middle East were targeted by the latest cyber snooping assault, named Gauss, according to the security experts Kaspersky Lab.
Click to expand...

Baserk · Aug 9, 2012

According to Kaspersky;
'Based on our analysis and the timestamps from the collected malware modules, we believe the Gauss operation started sometime around August-September 2011. ...
It’s important to mention that Gauss infects USB sticks with a data stealing component that takes advantage of the same .LNK CVE-2010-2568 vulnerability exploited by Stuxnet and Flame. ...
It should be noted that the vast majority of Gauss victims run Windows 7, which should be prone to the .LNK exploit used by Stuxnet.' link

CVE-2010-2568 was fixed in 2010, no? link
Why would Win 7 users be prone to this component of Gauss. All non-updated Win7 versions?
'Prone' means 'be inclined to' as in 'vulnerable', right?.

JRViejo · Aug 10, 2012

From targeting Lebanese banking customers to installing a font, security researchers seem to be unearthing as many questions as answers in their teardown of the surveillance malware.
Click to expand...

Gauss Espionage Malware: 7 Key Facts by Mathew J. Schwartz.

Researchers at Kaspersky Lab have teamed up with Hungarian research lab CrySyS for an online tool that detects if your device is infected with Gauss malware.
Click to expand...

Is Your Computer Infected With Gauss Malware? by Chloe Albanesius.

Dermot7 · Aug 10, 2012

Computerworld - Two security organizations have released online tools that let Windows users check for possible infections by Gauss, the newly-revealed cyber surveillance malware thought to have been built by one or more governments.

Kaspersky Lab and the Laboratory of Cryptography and System Security (CrySys) at the Budapest University of Technology and Economics each published Gauss detection tools today.
Click to expand...

https://www.computerworld.com/s/art...push_free_Gauss_detection_tools?taxonomyId=17

JRViejo · Aug 14, 2012

"So today we are presenting all the available information about the payload in the hope that someone can find a solution and unlock its secrets," Kaspersky said today. "We are asking anyone interested in cryptology and mathematics to join us in solving the mystery and extracting the hidden payload."
Click to expand...

Kaspersky Wants Help Decrypting Gauss Malware by Chloe Albanesius.

JRViejo · Aug 15, 2012

The most famous -- and mysterious -- font (yes, we're talking typeface) in the information security world right now is Palida Narrow.
Click to expand...

Mysterious Font Left by Malware Befuddles by Taylor Armerding.

Log in or Sign up

Gauss - new nation state sponsored banking Trojan

tomazyk Guest

siljaline Registered Member

Baserk Registered Member

JRViejo Super Moderator

Dermot7 Registered Member

JRViejo Super Moderator

JRViejo Super Moderator

Log in or Sign up

Gauss - new nation state sponsored banking Trojan

tomazyk Guest

siljaline Registered Member

Baserk Registered Member

JRViejo Super Moderator

Dermot7 Registered Member

JRViejo Super Moderator

JRViejo Super Moderator

Useful Searches