Slashdot Mirror


New State-Sponsored Malware "Gauss" Making the Rounds

EliSowash writes "A newly uncovered espionage tool, apparently designed by the same people behind the state-sponsored Flame malware that infiltrated machines in Iran, has been found infecting systems in other countries in the Middle East, according to Kaspersky researchers. Gauss is a nation-state-sponsored banking Trojan which carries a warhead of unknown designation. Besides stealing various kinds of data from infected Windows machines, it also includes an unknown, encrypted payload which is activated on certain specific system configurations. Just like Duqu was based on the 'Tilded' platform on which Stuxnet was developed, Gauss is based on the 'Flame' platform."

2 of 106 comments

  1. Re:So stupid it's got to be official. by antonymous · · Score: 4, Informative
    I know it's bad form to RTFA, but here's the part where they talk about their current inability to properly decrypt the payload:

    The malware uses that configuration to generate a key to unlock the payload and unleash it. Once it finds the configuration it's looking for, it uses that configuration data to perform 10,000 iterations of MD5 to generate a 128-bit RC4 key, which is then used to decrypt the payload. "Unless you meet these specific requirements, you're not going to generate the right key to decrypt it," Schouwenberg says.
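
Added example, not part of the comment above or of the article it quotes: an analyst-side sketch of why the payload stays opaque without the right configuration. It derives a 128-bit key with 10,000 chained MD5 rounds, decrypts with RC4, and tests candidate configuration strings against a blob. The chaining construction, the plaintext marker, the function names and all sample data are assumptions constructed for illustration; the page does not give those details.

```python
import hashlib

ITERATIONS = 10_000  # iteration count quoted in the comment above

def derive_key(config: bytes, iterations: int = ITERATIONS) -> bytes:
    # Assumption: plain chaining, digest = MD5(digest), starting from the
    # configuration bytes. The page does not state the exact construction.
    # An MD5 digest is 16 bytes, i.e. the 128-bit RC4 key.
    digest = config
    for _ in range(iterations):
        digest = hashlib.md5(digest).digest()
    return digest

def rc4(key: bytes, data: bytes) -> bytes:
    """Standard RC4; the same call encrypts and decrypts."""
    s = list(range(256))
    j = 0
    for i in range(256):  # key scheduling
        j = (j + s[i] + key[i % len(key)]) & 0xFF
        s[i], s[j] = s[j], s[i]
    i = j = 0
    out = bytearray()
    for byte in data:  # keystream generation and XOR
        i = (i + 1) & 0xFF
        j = (j + s[i]) & 0xFF
        s[i], s[j] = s[j], s[i]
        out.append(byte ^ s[(s[i] + s[j]) & 0xFF])
    return bytes(out)

def try_candidates(blob: bytes, candidates, marker: bytes):
    # Return the first candidate configuration whose derived key decrypts
    # the blob to plaintext starting with the marker, or None if none does.
    # Assumption: the analyst knows some expected plaintext prefix.
    for cand in candidates:
        if rc4(derive_key(cand), blob).startswith(marker):
            return cand
    return None

# Constructed sample data: a harmless blob encrypted under a made-up configuration.
MARKER = b"SAMPLE-PLAINTEXT"
TARGET_CONFIG = b"constructed-config-A"
BLOB = rc4(derive_key(TARGET_CONFIG), MARKER + b" constructed test body")

if __name__ == "__main__":
    guesses = [b"constructed-config-B", b"constructed-config-C", TARGET_CONFIG]
    print(try_candidates(BLOB, guesses, MARKER))
```

Each wrong guess costs 10,000 MD5 rounds and yields only noise, so recovery depends entirely on guessing the exact configuration data.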

  2. Re:What? by X0563511 · · Score: 3, Informative

    While cleaning rootkits off servers and such, you'd be surprised. Half the time they go right out and say who made it and when. Usually with some silly message or statement, too.

    --
    For large sets, this will be our guide even unto death, for the LORD will work for each type of data it is applied to...