Skip to main content

Gauss Virus Stuxnet Like Cyberweapon Hits Middle East Banks


A new cyber surveillance virus has been found in the Middle East that can spy on banking transactions and steal login and passwords, according Kaspersky Lab, a leading computer security firm.

Dubbed Gauss, the virus may also be capable of attacking critical infrastructure and was very likely built in the same laboratories as Stuxnet, the computer worm widely believed to have been used by the US and Israel to attack Iran's nuclear programme, Kaspersky Lab said on Thursday.

The Moscow-based firm said it found Gauss had infected more than 2,500 personal computers, the bulk of them in Lebanon, Israel and the Palestinian territories. Targets included Lebanon's BlomBank, ByblosBank and Credit Libanais, as well as Citibank and eBay's PayPal online payment system.
Officials with the Lebanese banks said they were unaware of the virus. PayPal spokesman Anuj Nayar said the company was investigating the matter but was not aware of any increase in "rogue activity" as a result of Gauss. A Citibank spokeswoman declined to comment.

Kaspersky Lab would not speculate on who was behind Gauss, but said the virus was connected to Stuxnet and two other related cyber espionage tools, Flame and Duqu. The US department of defense declined to comment.

"After looking at Stuxnet, Duqu and Flame, we can say with a high degree of certainty that Gauss comes from the same 'factory' or 'factories,'" Kaspersky on its website. "All these attack toolkits represent the high end of nation-state-sponsored cyber-espionage and cyberwar operations."

Jeffrey Carr, an expert on cyber-warfare who runs security firm Taia Global, said the US government has long monitored Lebanese banks for clues about the activities of militant groups and drug cartels. He said Gauss was likely built by adapting technology deployed in Flame.

"You've got this successful platform. Why not apply it to this investigation into Lebanese banks and whether or not they are involved in money laundering for Hezbollah?" he said.

New York's state banking regulator this week accused Britain's Standard Chartered Plc of violating US anti-money laundering laws by scheming with Iran to hide more than $250bn of transactions.

Experts said that surveillance viruses like Gauss are perfect tools for government intelligence units to gather information for such investigations, though they did not specifically link Gauss to the Standard Chartered case.
According to Kaspersky Lab, Gauss can also steal passwords and other data, and send information about system configurations.

Modules in the virus have internal names that researchers believe were chosen to pay homage to famous mathematicians and philosophers, including Johann Carl Friedrich Gauss, Kurt Godel and Joseph-Louis Lagrange.


Kaspersky Lab said it called the virus Gauss because that is the name of the most important module, which implements its data-stealing capabilities.
One of the firm's top researchers said Gauss also contains a module known as "Godel" that may include a Stuxnet-like weapon for attacking industrial control systems. Stuxnet, discovered in 2010, was used to attack computers that controlled the centrifuges at a uranium enrichment facility in Natanz, Iran.

Roel Schouwenberg, a senior researcher with Kaspersky, said the Godel code may include a similar "warhead."

Godel copies a compressed, encrypted program onto USB drives. That program will only decompress and activate when it comes in contact with a targeted system.

While Kaspersky has yet to fully crack Godel's code, Schouwenberg said he suspects it is a cyber weapon designed to cause physical damage and that its developers went to a lot of trouble to hide its purpose, using an encryption scheme that could take months or even years to unravel.

Meanwhile, a UN agency that advises countries on protecting infrastructure plans to send an alert on the mysterious code.


http://www.guardian.co.uk/technology/2012/aug/09/stuxnet-gauss-virus-kaspersky

Comments

Popular posts from this blog

Pakistani JF-17 A Thunder OR A Blunder

Pakistan has witnessed new defense acquisitions in this decade than any other, and in the center of it all is the new fighter which was designed by China with partial funding from Pakistan. It is formally known as JF-17 Thunder. When the fighter was in development, Pakistani online communities were jumping with excitement comparing it with its arch rival India’s modern combatants Su-30MKI, Mig-29S & Mirage-2000H. There were claims of it featuring western Radars and long range missiles, & Chinese ordering some due to its superior capabilities. But the reality is far from it. China having spent significant amount of money into a fighter which it is never going to use, most probably forced Pakistan to accept its avionics to offset some its development costs. Chinese who are known for their self reliance first and quality next, are further downgrading JF-17s capabilities with their poorly copy-pirated avionics. Along with their dubious weapons, any chance of JF...

India Planned Attack On Pak Navy Mehran Base To Kill Chinese Engineers

The terrorist attack on Karachi's Mehran Naval Station on May 22 was conceived and launched by India with the primary objective of killing the Chinese engineers present there, a Pakistani newspaper has claimed, citing 'informed sources'. Four to six Taliban terrorists had entered PNS Mehran on May 22, destroying two maritime surveillance aircraft and killing ten military personnel during their 17-hour siege of the naval air base. "India is the only country in the region that feels troubled by the Pakistan Navy, which had awfully beaten the Indian Navy in Operation Dwarka of 1965. Since then, it has been an earnest desire of India to harm the Pakistan Navy but it was perhaps not possible on the battle front, hence it struck the PNS Mehran," The News quoted sources as saying.

Pakistani F-16s Shoot Down RAF Eurofighter Typhoons During Air Combat Exercises In Turkey

Pakistani pilots flying modernised versions of the 1970s-vintage F-16 Falcon fighter have beaten the RAF's brand-new Eurofighter Typhoon superfighters during air combat exercises in Turkey, according to a Pakistani officer. Analysis: The RAF Typhoon, formerly known as the Eurofighter, should nonetheless have been vastly superior in air-to-air combat whether BVR or close in within visual range (WVR). The cripplingly expensive, long-delayed Eurofighter was specifically designed to address the defects of its predecessor the Tornado F3 – famously almost useless in close-in, dogfighting-style air combat. The Typhoon was meant to see off such deadly in-close threats as Soviet "Fulcrums" and "Flankers" using short-range missiles fired using helmet-mounted sight systems: such planes were thought well able to beat not just Tornados but F-16s in close fighting, and this expectation was borne out after the Cold War when the Luftwaffe inherite...