Kaspersky Labs has been very active recently in identifying a number of notorious cyber-security risks. It brought to light the virus called ‘Flame’, which sent shivers down the spines of those concerned about cyber security. Flame, it was argued, couldn’t have been created without the backing of a country. But that’s not the end of it.
Kaspersky Labs has now been able to identify yet another nefarious cyber-espionage tool, which it is calling ‘Gauss.’ Gauss, the anti-virus company states, had apparently been created specifically to target banks and financial institutions in the Middle East.
It is a sophisticated tool which is able to steal critical data such as online banking accounts, browser passwords and cookies and system configurations. Kaspersky is of the opinion that the same authors who created Stuxnet and Flame are the ones who are behind the creation of Gauss.
This claim is based on the fact that Gauss makes use of the same architecture as Flame and Stuxnet. Thus, Kaspersky argues, Gauss too is a tool which has been created by a nation-state and not by some individual hacker. It was launched back in September 2011 and, according to the company, “There is enough evidence that this is closely related to Flame and Stuxnet, which are nation-state sponsored attacks. We have evidence that Gauss was created by the same “factory” (or factories) that produced Stuxnet, Duqu and Flame.”
Gauss can not only steal data and infect USB drives; it can also disinfect drives when it wants and store the stolen data in hidden files. According to the Kaspersky blog post, it has infected 2,500 machines so far and has been able to swipe data from the likes of BlomBank, ByblosBank, Bank of Beirut, FransaBank and Credit Libanais. The chief targets of the virus seem to be banks in the Middle East, with special emphasis on Lebanon.
Kaspersky Labs is still studying the virus and is trying to find out what the payload of Gauss is. So far, it has discovered that Gauss is more of a modular system and that the number of modules it uses on any infected machine may vary.
Source: Secure List