Thursday 9 August 2012

Cyber-warfare rumbles on with Gauss

Hot on the heels of Stuxnet, Duqu and Flame comes another highly sophisticated "nation state" sponsored piece of malware, dubbed "Gauss". Analysts at Kaspersky Lab reverse-engineering Gauss say it shares many elements of the same source code as the Stuxnet worm and Flame, and have therefore concluded it could only have been made by the same people. Given this new malware's specific purpose, that underlines the link to another state-sponsored cyber attack within the Middle East.

I posted who was behind Flame in flame-culprit-fingered; no doubt it's the same folk behind Gauss.

At present Gauss is specifically targeting financial users in Lebanon, stealing web browser history, browser passwords and host system configuration details. However, the main purpose of Gauss appears to be stealing account credentials from specific Lebanese online banks, and from PayPal and Citibank, probably to monitor and collect details of financial transactions rather than to steal money like traditional criminally focused malware. Like Flame, Gauss is very stealthy in nature and has the ability to delete itself once the malware has completed its seemingly reconnaissance task.

For more info on Gauss visit http://www.kaspersky.com/Gauss_A_New_Complex_Cyber_Threat
