New 'Gauss' virus found by Russia's Kaspersky Lab (Update)

Aug 09, 2012 by RAPHAEL SATTER
Employees of Kaspersky Lab work in 2011. A new "state-sponsored" cyber surveillance virus dubbed "Gauss" has stolen passwords and key data from thousands of bank users in the Middle East, the top IT security firm Kaspersky Lab said Thursday.

A new computer virus tied to some of the most sophisticated cyberweapons thus-far discovered has been found circulating in the Middle East, a Moscow-based computer security company said Thursday. If a link were confirmed, the find would expand the electronic arsenal reportedly deployed by the U.S. and Israel against their rivals in the region.

Kaspersky Lab ZAO said in a statement that the new virus, dubbed "Gauss," was aimed at stealing financial information from customers of a series of Lebanese banks.

The firm said that similarities in coding, structure, and operation meant it could say "with a high degree of certainty" that Gauss was related to "Flame," a sophisticated piece of spyware which prompted an Internet blackout across Iran's oil industry in April, and to "Stuxnet," an infrastructure-wrecking worm whose discovery revolutionized the cybersecurity field.

The statement acknowledged that much remained unclear about the virus's capabilities — including its ultimate purpose. Kaspersky said that the virus's command-and-control servers were shut down last month, meaning that, for the time being, "the malware is in a dormant state."

Kaspersky outlined several similarities which Gauss shared with Flame, a program which was recently-discovered vacuuming information from computers in Iran. So powerful was the spyware that in late April Iranian officials briefly disconnected the entire country's oil industry — including the Oil Ministry, energy rigs, and the strategic Khark Island oil terminal — in a bid to contain Flame's data theft.

Flame in turn has been linked to Stuxnet, an ambitious program aimed at sabotaging uranium enrichment at Iranian nuclear facilities. Stuxnet's discovery in 2010 was of particular interest to cybersecurity professionals because it interfered with the action of German-made centrifuges — the most high-profile example to date of a computer virus causing physical havoc at an industrial facility.

Recent reports in The New York Times and The Washington Post have tied both Flame and Stuxnet to a secret U.S.-Israeli program aimed at destabilizing Iran's atomic energy program, which many Western countries believe is a cover for the development of nuclear weapons.

It isn't exactly clear how Gauss would fit in to such a program, and Kaspersky acknowledged that stealing money from banks didn't seem like an activity state-backed actors were likely to be engaged in.

Other anti-virus firms were still digesting Gauss's code Thursday.

"People are definitely getting excited about it because of the supposed connection to Flame and Stuxnet," Chris Astacio, of San Diego-based Websense, said in telephone interview. "But without looking at the binary (the raw code of the virus) we can't really comment."

Kaspersky said it was working with the International Telecommunication Union to notify those affected by the infection.

A call and an email to the Geneva-based organization were not immediately returned.

Explore further: Study: Social media users shy away from opinions

More information:
Kaspersky's Q & A on Gauss:

Kaspersky's analysis of the virus:

5 /5 (2 votes)
add to favorites email to friend print save as pdf

Related Stories

Malware hunter Kaspersky warns of cyber war dangers

Jun 06, 2012

The Russian malware hunter whose firm discovered the Flame virus said Wednesday there could be plenty more malicious code out there, and warned he feared a disastrous cyber attack could be coming.

Flame virus linked to Stuxnet: researchers (Update 2)

Jun 11, 2012

The Flame computer virus which has been raging in the Middle East has strong links to Stuxnet, a malware program widely believed to have been developed by the United States or Israel, a security firm said Monday.

Kaspersky team reveals Stuxnet family of weapons

Dec 29, 2011

( -- The Stuxnet cyber weapon that was designed to cripple control systems in Iran’s nuclear plant was just one of five weapons engineered in the same lab, and three have not been released yet. That is the ...

Flame spy virus gets order to vanish: experts

Jun 10, 2012

US computer security researchers said Sunday that the Flame computer virus that smoldered undetected for years in Middle Eastern energy facilities has gotten orders to vanish, leaving no trace.

Recommended for you

Study: Social media users shy away from opinions

Aug 26, 2014

People on Facebook and Twitter say they are less likely to share their opinions on hot-button issues, even when they are offline, according to a surprising new survey by the Pew Research Center.

US warns shops to watch for customer data hacking

Aug 23, 2014

The US Department of Homeland Security on Friday warned businesses to watch for hackers targeting customer data with malicious computer code like that used against retail giant Target.

Fitbit to Schumer: We don't sell personal data

Aug 22, 2014

The maker of a popular line of wearable fitness-tracking devices says it has never sold personal data to advertisers, contrary to concerns raised by U.S. Sen. Charles Schumer.

Should you be worried about paid editors on Wikipedia?

Aug 22, 2014

Whether you trust it or ignore it, Wikipedia is one of the most popular websites in the world and accessed by millions of people every day. So would you trust it any more (or even less) if you knew people ...

Philippines makes arrests in online extortion ring

Aug 22, 2014

Philippine police have arrested eight suspected members of an online syndicate accused of blackmailing more than 1,000 Hong Kong and Singapore residents after luring them into exposing themselves in front of webcam, an official ...

User comments : 0