New Flame-Style Virus Hits International Banks


Gauss, the latest addition to the Stuxnet virus family, has been found in Lebanon, Israel and Palestine.

Kaspersky Labs, the Moscow-based anti-virus company, have identified another member of the Stuxnet virus family. Dubbed Gauss, after the mathematician Johann Carl Friedrich Gauss, this virus has been identified in banks across the Middle East, mostly in Lebanon but also in Israel and Palestine. It also targets users of Citibank and PayPal. Approximately 2,500 machines have been confirmed infected with Gauss, a significant increase over its predecessor Flame, which only hit 700 machines in Iran. Kaspersky suspects that this is the tip of the iceberg and that Gauss has probably hit tens of thousands of machines it doesn't yet know about. Gauss has been designed as a data collector, but may also have been intended to attack, even destroy, financial networks.

Kaspersky is confident that Gauss is from the Stuxnet family, alleging that it shares significant commonalities with Flame, including "similar architectural platforms, module structures, code bases and means of communication with command & control (C&C) servers." However, where Flame went for government and educational machines, Gauss is purely a financial shark that, Kaspersky estimates, has been in operation since September 2011. "The Gauss C&C infrastructure was shut down in July 2012, shortly after its discovery," said Kaspersky in its official statement. "Currently the malware is in a dormant state, waiting for its C&C servers to become active."

It's impossible to be sure what Gauss is intended to do, but the likelihood is that it was built to monitor financial transactions. Alexander Gostev of Kaspersky called it a "complex cyber-espionage toolkit," and added that "Gauss targets multiple users in select countries to steal large amounts of data, with a specific focus on banking and financial information." It's also capable of collecting access credentials for various online banking systems and payment methods, which suggests that Gauss was built to steal as well as to monitor cash flow. It may have been intended as an attack weapon as well as an intelligence-gathering device.

Its initial infection point is unknown, but it spreads stealthily and in a controlled manner, making it difficult to detect. Like previous versions, Gauss can also infect via USB devices, but according to Kaspersky it does so in a more "intelligent" manner than its previous iterations. "Gauss is capable of 'disinfecting' the drive under certain circumstances," says Kaspersky's official statement, "and uses the removable media to store collected information in a hidden file. Another activity of the Trojan is the installation of a special font called Palida Narrow, and the purpose of this action is still unknown."
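The font installation is the one host-side artifact the article names, so a defender can at least look for it. The following is an added example, not code from the article or from Kaspersky: it checks a Windows host for any font whose name contains "Palida Narrow", both in the system font registration key and via the .NET installed-font enumerator. The font name is the only indicator taken from the article; the exit-code convention is an assumption for fleet-wide runs.

```powershell
# Added example (not from the article or Kaspersky): look for the "Palida Narrow"
# font the article says Gauss installs. A hit is an indicator worth triaging,
# not proof of infection, and absence does not prove the host is clean.
$FontName = 'Palida Narrow'
$hits = @()

# 1. System-wide font registrations: each value is "<display name> = <file name>",
#    so a hit here also tells the analyst which file to pull for inspection.
$fontKey = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Fonts'
$reg = Get-ItemProperty -Path $fontKey -ErrorAction SilentlyContinue
if ($reg) {
    $reg.PSObject.Properties |
        Where-Object { $_.Name -like "*$FontName*" } |
        ForEach-Object { $hits += "registry: $($_.Name) = $($_.Value)" }
}

# 2. Font families as GDI+ enumerates them; this also covers fonts that were
#    made available to the session without the usual HKLM registration.
Add-Type -AssemblyName System.Drawing
$families = (New-Object System.Drawing.Text.InstalledFontCollection).Families
$families |
    Where-Object { $_.Name -like "*$FontName*" } |
    ForEach-Object { $hits += "installed family: $($_.Name)" }

if ($hits.Count -gt 0) {
    Write-Output "POSSIBLE INDICATOR on ${env:COMPUTERNAME}:"
    $hits | ForEach-Object { Write-Output "  $_" }
    exit 1   # assumed convention: non-zero so a remote/fleet run can flag the host
} else {
    Write-Output "No '$FontName' font found on ${env:COMPUTERNAME}."
    exit 0
}
```

Run it in an elevated PowerShell session so the HKLM key is readable; a hit should be treated as a trigger for full triage of the host and any removable media that has been attached to it.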

Of course, the really fun fact about Flame was that it got off the reservation: though initially reported in Iran, it was later found in North America and Europe. Kaspersky still don't know exactly how many machines are infected with Gauss, and though their provisional estimate suggests that the Middle East was the primary target zone, if PayPal and Citibank were targeted then Gauss could end up ... pretty much anywhere.

Source: Guardian, Kaspersky Labs


Let's hope this virus doesn't cause a pandemic
God that was horrible

I thought Gaussing was considered a war crime?

Now I'm wondering what Palida Narrow looks like.

Kopikatsu:
Now I'm wondering what Palida Narrow looks like.

A quick google image search gave me the following; some dogs, a flower, other "internet security" images from related articles, and a naked butt.

Maybe it's some ploy to gain licensing money for the font or some other evil plan. I dunno lol.

What happened to good old "normal" warfare, you know, where you didn't infect thousands of innocent computers worldwide just so you can cripple financial targets in the middle east? It's all fun and games until someone leaks documents that bind these actions to some western government.

This is terrible 8(
CYBERDiNE terrible...

I really don't like the use of an obscure font. Looks to me like a sort of tag or tracking method.

In all seriousness, this is a ticking time bomb...

"means of communication with command & control (C&C) servers."

Saw C&C and instantly thought of GDI's gauss weapons in Command and Conquer. The names could not be better.

I really wonder who is making these viruses

what's with middle-eastern countries and viruses these days?

Dear government, if you are making these, please stop. I'd trust Iran with nukes more than I trust you to keep these trojans under control. What you're doing doesn't improve global security, it threatens it.

samahain:
This is terrible 8(
CYBERDiNE terrible...

I really don't like the use of an obscure font. Looks to me like a sort of tag or tracking method.

In all seriousness, this is a ticking time bomb...

Well yes it is, but it still seems much preferable to actual bombs. It seems highly unlikely that cyber warfare or espionage is ever going to be nearly as bad as the actual versions, so I praise it. The scary thing is that it can reach more people farther away than anything short of a WMD and does not require the infrastructure that those do. This means people realize they could easily be affected by it, but its outcome still does not include anyone dying.

zerragonoss:

samahain:
This is terrible 8(
CYBERDiNE terrible...

I really don't like the use of an obscure font. Looks to me like a sort of tag or tracking method.

In all seriousness, this is a ticking time bomb...

Well yes it is, but it still seems much preferable to actual bombs. It seems highly unlikely that cyber warfare or espionage is ever going to be nearly as bad as the actual versions, so I praise it. The scary thing is that it can reach more people farther away than anything short of a WMD and does not require the infrastructure that those do. This means people realize they could easily be affected by it, but its outcome still does not include anyone dying.

The other problem is that you don't have to declare war to go into an all out cyber war. The national and international laws of war officially need to catch up to technology in a way they haven't since the end of World War I. This is going to get much worse before it gets better.

NLS:

Kopikatsu:
Now I'm wondering what Palida Narrow looks like.

A quick google image search gave me the following; some dogs, a flower, other "internet security" images from related articles, and a naked butt.

It's a plan to moon people remotely! THOSE FIENDS!

NLS:
What happened to good old "normal" warfare, you know, where you didn't infect thousands of innocent computers worldwide just so you can cripple financial targets in the middle east? It's all fun and games until someone leaks documents that bind these actions to some western government.

And then nothing will change. :/

It's odd, I just finished reading a short story where viruses were used to collapse banking infrastructure, then a foreign military went in to restore order/annex the place.

rolfwesselius:
Let's hope this virus doesn't cause a pandemic
God that was horrible

I... I think that's not even a pun. Viruses get their name through analogy. By that token, you could call the uncontrolled spread of malware a pandemic and it'd make sense.

Try this: Thinking of the people who made this makes me sick.

NLS:

Kopikatsu:
Now I'm wondering what Palida Narrow looks like.

A quick google image search gave me the following; some dogs, a flower, other "internet security" images from related articles, and a naked butt.

Maybe it's some ploy to gain licensing money for the font or some other evil plan. I dunno lol.

What happened to good old "normal" warfare, you know, where you didn't infect thousands of innocent computers worldwide just so you can cripple financial targets in the middle east? It's all fun and games until someone leaks documents that bind these actions to some western government.

Yeah, nothing like the good old days when people were murdered, genocided, tortured and raped! Being slightly inconvenienced is much worse because maybe it'll affect me personally!

Give the folks at Kaspersky and Norton a few weeks, and they will have this thing figured out. The first step to eliminating a computer virus is identification. That has obviously been done, and they have also probably decompiled it given the wording of the article. I would say, "Crisis averted," and move on.

Seems pretty obvious that the font installation is, as someone pointed out above, a means of signaling to Gauss, or other undiscovered variants, that this computer was already infected at one point, so is probably a low value target -- and do so in a way that's totally innocuous, both to users and to anti-virus software.

After all, for most programs it's tough to leave crap behind when the program's uninstalled, and particularly security conscious users will often go in after an uninstall and manually remove any left-over directories or files. But nobody cares about fonts.

Xan Krieger:
"means of communication with command & control (C&C) servers."

Saw C&C and instantly thought of GDI's gauss weapons in Command and Conquer. The names could not be better.

So that's what Westwood have been doing all this time.

Also, although no one is saying it... Are we all agreed it's totally America behind these viruses? I mean, Iran getting their nuclear programme infected with spyware, and then hijacking it with AC/DC when it was found. There's only one country that could be, and it ain't the Nepalese.

Hero in a half shell:

Xan Krieger:
"means of communication with command & control (C&C) servers."

Saw C&C and instantly thought of GDI's gauss weapons in Command and Conquer. The names could not be better.

So that's what Westwood have been doing all this time.

Also, although no one is saying it... Are we all agreed it's totally America behind these viruses? I mean, Iran getting their nuclear programme infected with spyware, and then hijacking it with AC/DC when it was found. There's only one country that could be, and it ain't the Nepalese.

Yeah, the United States is the only country that has the know-how to make a virus oh god I can't maintain the sarcasm there are -plenty- of countries it could be. The United States, Israel, China, Japan, Russia, France, the U.K., basically any country that isn't a complete shithole.

I really, really hate viruses. Wouldn't it be nice if no more of them were made?

McMullen:
Dear government, if you are making these, please stop. I'd trust Iran with nukes more than I trust you to keep these trojans under control. What you're doing doesn't improve global security, it threatens it.

You can hide in my bunker if you want

Redlin5:
I really, really hate viruses. Wouldn't it be nice if no more of them were made?

It takes a real arsehat to make a virus. I wonder if it would be a crime for American citizens to have an anti-virus which negates this virus......*strokes beard*

Owyn_Merrilin:

zerragonoss:

samahain:
This is terrible 8(
CYBERDiNE terrible...

I really don't like the use of an obscure font. Looks to me like a sort of tag or tracking method.

In all seriousness, this is a ticking time bomb...

Well yes it is, but it still seems much preferable to actual bombs. It seems highly unlikely that cyber warfare or espionage is ever going to be nearly as bad as the actual versions, so I praise it. The scary thing is that it can reach more people farther away than anything short of a WMD and does not require the infrastructure that those do. This means people realize they could easily be affected by it, but its outcome still does not include anyone dying.

The other problem is that you don't have to declare war to go into an all out cyber war. The national and international laws of war officially need to catch up to technology in a way they haven't since the end of World War I. This is going to get much worse before it gets better.

Well I'm glad someone realizes the progression that will take place. We are barely seeing what is possible. Besides which, discovered virii are failures. We'll never hear about the successes until they do the damage they were intended to do.

brb, just withdrawing all my money from the bank....

McMullen:
Dear government, if you are making these, please stop. I'd trust Iran with nukes more than I trust you to keep these trojans under control. What you're doing doesn't improve global security, it threatens it.

I agree, this smacks of government monitoring.

Blatant guessing: I would say set up by US government to observe spending patterns on terrorism related expenditure. Sounds too well done to be home style programming.

The middle-east must be a proving ground for viruses or something, they always start there these days D:

Antari:

Owyn_Merrilin:

zerragonoss:

Well yes it is, but it still seems much preferable to actual bombs. It seems highly unlikely that cyber warfare or espionage is ever going to be nearly as bad as the actual versions, so I praise it. The scary thing is that it can reach more people farther away than anything short of a WMD and does not require the infrastructure that those do. This means people realize they could easily be affected by it, but its outcome still does not include anyone dying.

The other problem is that you don't have to declare war to go into an all out cyber war. The national and international laws of war officially need to catch up to technology in a way they haven't since the end of World War I. This is going to get much worse before it gets better.

Well I'm glad someone realizes the progression that will take place. We are barely seeing what is possible. Besides which, discovered virii are failures. We'll never hear about the successes until they do the damage they were intended to do.

Yep. And if you think about it, the guy who said this would never kill anyone was wrong. If whoever is doing this (my money is on my own government, the bastards) is willing to interfere with banking infrastructure, it's not a huge leap from that to mess with transportation, power, or even medical systems. I mean, you can destroy an economy with this Gauss virus or something like it, and that would indirectly kill people. But shutting off the power to a major city, or screwing with the computers needed to keep a major hospital going? Thousands will die, if not more. We're on the verge of something terrifying.

Von Strimmer:

McMullen:
Dear government, if you are making these, please stop. I'd trust Iran with nukes more than I trust you to keep these trojans under control. What you're doing doesn't improve global security, it threatens it.

I agree, this smacks of government monitoring.

Blatant guessing: I would say set up by US government to observe spending patterns on terrorism related expenditure. Sounds too well done to be home style programming.

More likely a US - Israeli joint operation, then. Israel has already launched a few viruses of its own at Iran and Lebanon.

http://www.independent.co.uk/news/world/middle-east/israel-hints-it-may-be-behind-flame-supervirus-targeting-iran-7800935.html

Well I had to go check to see if I had Palida Narrow in my fonts. Luckily, not.
