New 'Gauss' virus found by Russia's Kaspersky Lab (Update)

Aug 09, 2012 by RAPHAEL SATTER
Employees of Kaspersky Lab work in 2011. A new "state-sponsored" cyber surveillance virus dubbed "Gauss" has stolen passwords and key data from thousands of bank users in the Middle East, the top IT security firm Kaspersky Lab said Thursday.

A new computer virus tied to some of the most sophisticated cyberweapons thus far discovered has been found circulating in the Middle East, a Moscow-based computer security company said Thursday. If a link were confirmed, the find would expand the electronic arsenal reportedly deployed by the U.S. and Israel against their rivals in the region.

Kaspersky Lab ZAO said in a statement that the new virus, dubbed "Gauss," was aimed at stealing financial information from customers of a series of Lebanese banks.

The firm said that similarities in coding, structure, and operation meant it could say "with a high degree of certainty" that Gauss was related to "Flame," a sophisticated piece of spyware which prompted an Internet blackout across Iran's oil industry in April, and to "Stuxnet," an infrastructure-wrecking worm whose discovery revolutionized the cybersecurity field.

The statement acknowledged that much remained unclear about the virus's capabilities — including its ultimate purpose. Kaspersky said that the virus's command-and-control servers were shut down last month, meaning that, for the time being, "the malware is in a dormant state."

Kaspersky outlined several similarities which Gauss shared with Flame, a program which was recently discovered vacuuming information from computers in Iran. So powerful was the spyware that in late April Iranian officials briefly disconnected the entire country's oil industry — including the Oil Ministry, energy rigs, and the strategic Khark Island oil terminal — in a bid to contain Flame's data theft.

Flame in turn has been linked to Stuxnet, an ambitious program aimed at sabotaging uranium enrichment at Iranian nuclear facilities. Stuxnet's discovery in 2010 was of particular interest to cybersecurity professionals because it interfered with the action of German-made centrifuges — the most high-profile example to date of a computer virus causing physical havoc at an industrial facility.

Recent reports in The New York Times and The Washington Post have tied both Flame and Stuxnet to a secret U.S.-Israeli program aimed at destabilizing Iran's atomic energy program, which many Western countries believe is a cover for the development of nuclear weapons.

It isn't exactly clear how Gauss would fit into such a program, and Kaspersky acknowledged that stealing money from banks didn't seem like an activity state-backed actors were likely to be engaged in.

Other anti-virus firms were still digesting Gauss's code Thursday.

"People are definitely getting excited about it because of the supposed connection to Flame and Stuxnet," Chris Astacio, of San Diego-based Websense, said in a telephone interview. "But without looking at the binary (the raw code of the virus) we can't really comment."

Kaspersky said it was working with the International Telecommunication Union to notify those affected by the infection.

A call and an email to the Geneva-based organization were not immediately returned.

More information:
Kaspersky's Q & A on Gauss: bit.ly/N9EvcM

Kaspersky's analysis of the virus: bit.ly/ThT1hr
