New 'Gauss' virus found by Russia's Kaspersky Lab (Update)

August 9, 2012 by RAPHAEL SATTER
Employees of Kaspersky Lab work in 2011. A new "state-sponsored" cyber surveillance virus dubbed "Gauss" has stolen passwords and key data from thousands of bank users in the Middle East, the top IT security firm Kaspersky Lab said Thursday.

A new computer virus tied to some of the most sophisticated cyberweapons thus far discovered has been found circulating in the Middle East, a Moscow-based computer security company said Thursday. If a link were confirmed, the find would expand the electronic arsenal reportedly deployed by the U.S. and Israel against their rivals in the region.

Kaspersky Lab ZAO said in a statement that the new virus, dubbed "Gauss," was aimed at stealing financial information from customers of a series of Lebanese banks.

The firm said that similarities in coding, structure, and operation meant it could say "with a high degree of certainty" that Gauss was related to "Flame," a sophisticated piece of spyware which prompted an Internet blackout across Iran's oil industry in April, and to "Stuxnet," an infrastructure-wrecking worm whose discovery revolutionized the cybersecurity field.

The statement acknowledged that much remained unclear about the virus's capabilities — including its ultimate purpose. Kaspersky said that the virus's command-and-control servers were shut down last month, meaning that, for the time being, "the malware is in a dormant state."

Kaspersky outlined several similarities which Gauss shared with Flame, a program which was recently discovered vacuuming information from computers in Iran. So powerful was the spyware that in late April Iranian officials briefly disconnected the entire country's oil industry — including the Oil Ministry, energy rigs, and the strategic Khark Island oil terminal — in a bid to contain Flame's data theft.

Flame in turn has been linked to Stuxnet, an ambitious program aimed at sabotaging uranium enrichment at Iranian nuclear facilities. Stuxnet's discovery in 2010 was of particular interest to cybersecurity professionals because it interfered with the action of German-made centrifuges — the most high-profile example to date of a computer virus causing physical havoc at an industrial facility.

Recent reports in The New York Times and The Washington Post have tied both Flame and Stuxnet to a secret U.S.-Israeli program aimed at destabilizing Iran's atomic energy program, which many Western countries believe is a cover for the development of nuclear weapons.

It isn't exactly clear how Gauss would fit into such a program, and Kaspersky acknowledged that stealing money from banks didn't seem like an activity state-backed actors were likely to be engaged in.

Other anti-virus firms were still digesting Gauss's code Thursday.

"People are definitely getting excited about it because of the supposed connection to Flame and Stuxnet," Chris Astacio, of San Diego-based Websense, said in a telephone interview. "But without looking at the binary (the raw code of the virus) we can't really comment."

Kaspersky said it was working with the International Telecommunication Union to notify those affected by the infection.

A call and an email to the Geneva-based organization were not immediately returned.
