Kaspersky discovers new 'Gauss' virus, similar to Flame

As more of the world moves into the digital era, the potential for hacking and exploitation grows. This is a driving force in the production of viruses: there are more computers in the world than ever before, so viruses will hit more of them than ever before.

This has been a particular pain in the Middle East lately, especially for non-public entities like the government. Iran in particular encountered 'Flame', 'Stuxnet', and AC/DC, but these viruses seemed to put more weight on hitting Iranian infrastructure than the public. What has been found now isn't as picky in its targeting.

Dubbed 'Gauss', the virus was first picked up by the Russian Kaspersky Labs. They believed it to be an evolution or modification of Flame, but have gone on to state that it is a standalone infection in its own right. Flame is already famous for being one of the most complex computer viruses of all time, so an evolution of it would have been big news.

Gauss is surprisingly localized around the Middle East, and is built to mess with Windows computers. It mostly harvests login details and browsing information. Some Lebanese banks, such as the Bank of Beirut, have been particularly heavily hit.

If you're planning to be clever and use a portable browser on a memory stick for your banking from here on, don't be so sure. Gauss comes with its own payload, to infect USB memory sticks as well. It identifies everything it can about your computer when you plug that memory stick into another machine, and it can infect that as well if it wants to. Gauss is not an amateur virus or anything of that nature. It was cooked up by people who understand what they're doing.

It doesn't exactly look 'narrow', but whatever.

Kaspersky has identified something unusual about the virus. You can tell if you've been infected through a font on your computer. It's called Palida Narrow, and if you have it, you're infected. Quite why it installs a font isn't clear, but it's a good measure of whether you're infected or not. If you have the font then you're going to want to check your PC for malware. Preferably immediately.

Then there's the question of where these viruses are coming from. According to Kaspersky it seems they were probably nationally developed. That brings the possibility of a government-funded development into play. Add the fact that it's localized on Middle Eastern countries, and you have all you need to construct a theory. The Middle East is one of the most volatile regions of the world at present and you only have to look at the news to see Iranian relations with the rest of the world.

Source: The Register | All images via Kaspersky

20 Comments


Would looking at the default encoding this font uses give any clues as to what geographical region its intended target is located?

Fer63 said,
If it wasn't for the fact that some Israeli computers have been affected I'd say that it comes from the US.

If you want to ensure your enemies get infected, some of your own systems need to be infected. Having said that, I wouldn't call Israel an ally of the United States. They're friendly because it benefits the both of them. As soon as that changes, all bets would be off in a heartbeat.

Fer63 said,
If it wasn't for the fact that some Israeli computers have been affected I'd say that it comes from the US.
Failing to understand that people on the internet might be in another country and can infect your computer.

Priceless

There's a lot of Russian researchers that go looking for these kinds of viruses and disassemble them to see how they work. I found a blog of someone (who then got hired by Kaspersky, I think, ironically) who was doing that and showing how a very common virus was modified to do random GDI calls every so often and literally every virus scanner stopped detecting it as a virus.

And obviously these are nation developed.

Tender Foot said,
Surprised no one blamed this on the U.S. yet! It's an ongoing theme on this site.

If the shoe fits... ah, I'm just messing with you, these viruses are clearly writing themselves

Good to see Kaspersky finding this stuff....I love their products. I can see sh*t hitting the fan though if people dig deeper into the source of this virus....I thought something was up when the Iranian AC/DC hit, let alone this....Watch this space.

SickDave said,
Good to see Kaspersky finding this stuff....I love their products. I can see sh*t hitting the fan though if people dig deeper into the source of this virus....I thought something was up when the Iranian AC/DC hit, let alone this....Watch this space.

I'm pretty sure they find them only because they're Russians, and as we know, don't excel in cooperation with the USA.

jackkk1 said,

I'm pretty sure they find them only because they're Russians, and as we know, don't excel in cooperation with the USA.

In their blog, Kaspersky experts did claim that they expect more to be found when they were writing about Flame. They did hint that it's possible Flame allowed other infections to happen which will be found later on as coders around the world start understanding the Flame