With more and more of the world taking things into the digital era, the potential for hacking and exploitation of this fact becomes greater. This is a driving force in the production of viruses; they'll hit more computers now than ever before, due to the higher number of computers in the world.
This has been a particular pain in the Middle East lately, especially with non-public entities like the government. Iran in particular encountered 'Flame', 'Stuxnet', and AC/DC, but these viruses seemed to put more weight on hitting the Iranian infrastructure than the public. What has been found now isn't as picky in its targeting.
Dubbed 'Gauss', the virus was first picked up by the Russian Kaspersky Labs. They believed it to be an evolution or modification of Flame, but have gone on to state that it is a standalone infection in its own right. Flame is already famous for being one of the most complex computer viruses of all time, so for an evolution to have been created it would have been big news.
Gauss is surprisingly localized around the Middle East, and is built to mess with Windows computers. It harvests login details and browsing information, mostly. Some Lebanese banks in particular, such as the Bank of Beirut, have been particularly heavily hit.
If you're planning to be clever and use a portable browser on a memory stick for your banking from here on, don't be so sure. Gauss comes with its own payload, to infect USB memory sticks as well. It identifies everything it can about your computer when you plug that memory stick into another machine, and it can infect that as well if it wants to. Gauss is not an amateur virus or anything of that nature. It was cooked up by people who understand what they're doing.
It doesn't exactly look 'narrow', but whatever.
Kaspersky has identified something unusual about the virus. You can tell if you've been infected through a font on your computer. It's called Palida Narrow, and if you have it, you're infected. Quite why it installs a font isn't clear, but it's a good measure of whether you're infected or not. If you have the font then you're going to want to check your PC for malware. Preferably immediately.
Then there's the question of where these viruses are coming from. According to Kaspersky it seems they were probably nationally developed. That brings the possibility of a government funded development into play. With the fact it's localized on hitting Middle Eastern countries, you have all you need to construct a theory. The Middle East is one of the most volatile regions of the world at present and you only have to look at the news to see Iranian relations with the rest of the world.
Source: The Register | All images via Kaspersky
20 Comments - Add comment