New Flame-Style Virus Hits International Banks

Karloff

New member
Oct 19, 2009
6,474
0
0



Gauss, the latest addition to the Stuxnet virus family, has been found in Lebanon, Israel and Palestine.

Kaspersky Labs - the Moscow-based anti-virus company - have identified another member of the Stuxnet virus family. Dubbed Gauss, after mathematician Johann Carl Friedrich Gauss, this virus has been identified in banks across the Middle East, mostly in Lebanon, but also in Israel and Palestine. It also targets users of Citibank and PayPal. Approximately 2,500 machines have been confirmed infected with Gauss; a significant increase over its predecessor Flame [http://www.escapistmagazine.com/news/view/117655-Flame-Virus-Freaking-Out-Cybersecurity-Personnel-Worldwide], which only hit 700 machines in Iran. Kaspersky suspects that this is the tip of the iceberg, and that Gauss probably hit tens of thousands of machines that it doesn't yet know about. Gauss has been designed as a data-collector, but may also have been intended to attack - even destroy - financial networks.

Kaspersky is confident that Gauss is from the Stuxnet family. Kaspersky alleges that Gauss shares significant commonalities with Flame, including "similar architectural platforms, module structures, code bases and means of communication with command & control (C&C) servers." However, where Flame went for government and educational machines, Gauss is purely a financial shark that, Kaspersky estimates, has been in operation since September 2011. "The Gauss C&C infrastructure was shutdown in July 2012 shortly after its discovery," said Kaspersky in its official statement. "Currently the malware is in a dormant state, waiting for its C&C servers to become active."

It's impossible to be sure what Gauss is intended to do, but the likelihood is Gauss was built to monitor financial transactions. Alexander Gostev of Kaspersky called it a "complex cyber-espionage toolkit," and added that "Gauss targets multiple users in select countries to steal large amounts of data, with a specific focus on banking and financial information." It's also capable of collecting access credentials for various online banking systems and payment methods, which suggests that Gauss was built to steal as well as to monitor cash flow. It may have been intended as an attack weapon, as well as an intelligence gathering device.

Its initial infection point is unknown, but it spreads stealthily and in a controlled manner, making it difficult to detect. Like previous versions, Gauss can also infect via USB devices, but according to Kaspersky it does so in a more "intelligent" manner than its previous iterations. "Gauss is capable of 'disinfecting' the drive under certain circumstances," says Kaspersky's official statement, "and uses the removable media to store collected information in a hidden file. Another activity of the Trojan is the installation of a special font called Palida Narrow, and the purpose of this action is still unknown."

Of course, the really fun fact about Flame was that it got off the reservation. Though initially reported in Iran, it later was found in North America and Europe. Kaspersky still don't know exactly how many machines are infected with Gauss but, though their provisional estimate suggests that the Middle East was the primary target zone, if PayPal and Citibank were targeted then Gauss could end up ... pretty much anywhere.

Source: Kaspersky Labs [http://www.guardian.co.uk/technology/2012/aug/09/stuxnet-gauss-virus-kaspersky]



Meight08

*Insert Funny Title*
Feb 16, 2011
817
0
0
Let's hope this virus doesn't cause a pandemic
God that was horrible
 

NLS

Norwegian Llama Stylist
Jan 7, 2010
1,594
0
0
Kopikatsu said:
Now I'm wondering what Palida Narrow looks like.
A quick google image search gave me the following; some dogs, a flower, other "internet security" images from related articles, and a naked butt.

Maybe it's some ploy to gain licensing money for the font or some other evil plan. I dunno lol.

What happened to good old "normal" warfare, you know, where you didn't infect thousands of innocent computers worldwide just so you can cripple financial targets in the middle east? It's all fun and games until someone leaks documents that bind these actions to some western government.
 

samahain

New member
Sep 23, 2010
78
0
0
This is terrible 8(
CYBERDiNE terrible...

I really don't like the use of an obscure font. Looks to me like a sort of tag or tracking method.

In all seriousness, this is a ticking time bomb...
 

Xan Krieger

Completely insane
Feb 11, 2009
2,918
0
0
"means of communication with command & control (C&C) servers."

Saw C&C and instantly thought of GDI's gauss weapons in Command and Conquer. The names could not be better.
 

McMullen

New member
Mar 9, 2010
1,334
0
0
Dear government, if you are making these, please stop. I'd trust Iran with nukes more than I trust you to keep these trojans under control. What you're doing doesn't improve global security, it threatens it.
 

zerragonoss

New member
Oct 15, 2009
333
0
0
samahain said:
This is terrible 8(
CYBERDiNE terrible...

I really don't like the use of an obscure font. Looks to me like a sort of tag or tracking method.

In all seriousness, this is a ticking time bomb...
Well yes it is but it still seems much preferable to actual bombs. It seems highly unlikely that cyber warfare or espionage is ever going to be nearly as bad as the actual versions so I praise it. The scary thing is that it can reach more people farther away than anything short of a WMD and does not require the infrastructure that those do. This means people realize they could easily be affected by it, but its outcome still does not include anyone dying.
 

Owyn_Merrilin

New member
May 22, 2010
7,370
0
0
zerragonoss said:
samahain said:
This is terrible 8(
CYBERDiNE terrible...

I really don't like the use of an obscure font. Looks to me like a sort of tag or tracking method.

In all seriousness, this is a ticking time bomb...
Well yes it is but it still seems much preferable to actual bombs. It seems highly unlikely that cyber warfare or espionage is ever going to be nearly as bad as the actual versions so I praise it. The scary thing is that it can reach more people farther away than anything short of a WMD and does not require the infrastructure that those do. This means people realize they could easily be affected by it, but its outcome still does not include anyone dying.
The other problem is that you don't have to declare war to go into an all out cyber war. The national and international laws of war officially need to catch up to technology in a way they haven't since the end of World War I. This is going to get much worse before it gets better.
 

Formica Archonis

Anonymous Source
Nov 13, 2009
2,312
0
0
NLS said:
Kopikatsu said:
Now I'm wondering what Palida Narrow looks like.
A quick google image search gave me the following; some dogs, a flower, other "internet security" images from related articles, and a naked butt.
It's a plan to moon people remotely! THOSE FIENDS!

NLS said:
What happened to good old "normal" warfare, you know, where you didn't infect thousands of innocent computers worldwide just so you can cripple financial targets in the middle east? It's all fun and games until someone leaks documents that bind these actions to some western government.
And then nothing will change.:/

It's odd, I just finished reading a short story where viruses were used to collapse banking infrastructure, then a foreign military went in to restore orderannex the place.
 

The Random One

New member
May 29, 2008
3,310
0
0
rolfwesselius said:
Let's hope this virus doesn't cause a pandemic
God that was horrible
I... I think that's not even a pun. Viruses get their name through analogy. By that token, you could call uncontrolled spread of malware a pandemic and it'd make sense.

Try this: Thinking of the people who made this makes me sick.

NLS said:
Kopikatsu said:
Now I'm wondering what Palida Narrow looks like.
A quick google image search gave me the following; some dogs, a flower, other "internet security" images from related articles, and a naked butt.

Maybe it's some ploy to gain licensing money for the font or some other evil plan. I dunno lol.

What happened to good old "normal" warfare, you know, where you didn't infect thousands of innocent computers worldwide just so you can cripple financial targets in the middle east? It's all fun and games until someone leaks documents that bind these actions to some western government.
Yeah, nothing like the good old days when people were murdered, genocided, tortured and raped! Being slightly inconvenienced is much worse because maybe it'll affect me personally!
 

tsb247

New member
Mar 6, 2009
1,783
0
0
Give the folks at Kaspersky and Norton a few weeks, and they will have this thing figured out. The first step to eliminating a computer virus is identification. That has obviously been done, and they have also probably decompiled it given the wording of the article. I would say, "Crisis averted," and move on.
 

Hero in a half shell

It's not easy being green
Dec 30, 2009
4,286
0
0
Xan Krieger said:
"means of communication with command & control (C&C) servers."

Saw C&C and instantly thought of GDI's gauss weapons in Command and Conquer. The names could not be better.
So that's what Westwood have been doing all this time.

Also, although no one is saying it... Are we all agreed it's totally America behind these viruses? I mean, Iran getting their nuclear programme infected with spyware, and then hijacking it with AC/DC when it was found. There's only one country that could be, and it ain't the Nepalese.
 

PrinceOfShapeir

New member
Mar 27, 2011
1,849
0
0
Hero in a half shell said:
Xan Krieger said:
"means of communication with command & control (C&C) servers."

Saw C&C and instantly thought of GDI's gauss weapons in Command and Conquer. The names could not be better.
So that's what Westwood have been doing all this time.

Also, although no one is saying it... Are we all agreed it's totally America behind these viruses? I mean, Iran getting their nuclear programme infected with spyware, and then hijacking it with AC/DC when it was found. There's only one country that could be, and it ain't the Nepalese.
Yeah, the United States is the only country that has the know-how to make a virus oh god I can't maintain the sarcasm there are -plenty- of countries it could be. The United States, Israel, China, Japan, Russia, France, the U.K., basically any country that isn't a complete shithole.
 

Evil Smurf

Admin of Catoholics Anonymous
Nov 11, 2011
11,597
0
0
McMullen said:
Dear government, if you are making these, please stop. I'd trust Iran with nukes more than I trust you to keep these trojans under control. What you're doing doesn't improve global security, it threatens it.
You can hide in my bunker if you want

Redlin5 said:
I really, really hate viruses. Wouldn't it be nice if no more of them were made?

It takes a real arsehat to make a virus. I wonder if it would be a crime for American Citizens to have an anti virus which negates this virus......*strokes beard*