New State-Sponsored Malware "Gauss" Making the Rounds

Posted by timothy
from the just-in-the-neighborhood dept.
EliSowash writes "A newly uncovered espionage tool, apparently designed by the same people behind the state-sponsored Flame malware that infiltrated machines in Iran, has been found infecting systems in other countries in the Middle East, according to Kaspersky researchers. Gauss is a nation-state-sponsored banking Trojan which carries a warhead of unknown designation. Besides stealing various kinds of data from infected Windows machines, it also includes an unknown, encrypted payload which is activated on certain specific system configurations. Just like Duqu was based on the 'Tilded' platform on which Stuxnet was developed, Gauss is based on the 'Flame' platform."
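The summary's most interesting detail is a payload that is encrypted and only "activated on certain specific system configurations". The Python below is an added illustration of that design pattern (an environment-keyed payload), not code from Gauss, from Kaspersky's analysis, or from anyone quoted on this page: the key is derived from strings the dropper can observe on the host, the package carries only ciphertext plus a key check, and a host that does not match simply never learns the key. The marker strings, salt, iteration count, the choice of iterated MD5 and RC4, and the payload bytes are all constructed for the example; what the real sample hashes is not stated on this page.

```python
"""Environment-keyed payload: the dropper carries no key, only a derivation rule.

All constants, marker strings and the payload here are constructed for this
example; the real sample's inputs and cipher are not described on this page."""
import hashlib
import hmac

SALT = b"demo-salt"        # hypothetical: binds the key check to this package
ITERATIONS = 10000         # assumed: slows brute force over candidate environments


def normalize(markers):
    """Canonicalize host observations so ordering and case do not change the key."""
    return sorted({m.strip().lower() for m in markers})


def derive_key(markers, iterations=ITERATIONS):
    """Iterated MD5 over the host markers; the dropper never stores this key."""
    h = hashlib.md5("\x00".join(normalize(markers)).encode("utf-8")).digest()
    for _ in range(iterations - 1):
        h = hashlib.md5(h).digest()
    return h  # 16-byte key


def rc4(key, data):
    """Plain RC4 keystream XOR (symmetric: the same call encrypts and decrypts)."""
    S = list(range(256))
    j = 0
    for i in range(256):
        j = (j + S[i] + key[i % len(key)]) & 0xFF
        S[i], S[j] = S[j], S[i]
    out = bytearray()
    i = j = 0
    for b in data:
        i = (i + 1) & 0xFF
        j = (j + S[i]) & 0xFF
        S[i], S[j] = S[j], S[i]
        out.append(b ^ S[(S[i] + S[j]) & 0xFF])
    return bytes(out)


def key_check(key):
    """Verifier stored beside the ciphertext; useful only to a host that already derived the key."""
    return hashlib.md5(SALT + key).digest()


def build_package(payload, target_markers):
    """Attacker side: encrypt for one environment and ship blob + check, never the key."""
    key = derive_key(target_markers)
    return {"check": key_check(key), "blob": rc4(key, payload)}


def try_unlock(package, host_markers):
    """Victim side: derive from what this host shows; decrypt only if the check matches."""
    key = derive_key(host_markers)
    if not hmac.compare_digest(key_check(key), package["check"]):
        return None          # wrong host: the payload stays opaque
    return rc4(key, package["blob"])


# Constructed sample environments: directory names a dropper could enumerate.
TARGET_HOST = [r"C:\Program Files\Common Files",
               r"C:\Program Files\ExampleVendor Suite",
               r"C:\Program Files\Internet Explorer"]
OTHER_HOST = [r"C:\Program Files\Common Files",
              r"C:\Program Files\Internet Explorer"]
PAYLOAD = b"stand-in for the second-stage module"

if __name__ == "__main__":
    pkg = build_package(PAYLOAD, TARGET_HOST)
    print("target host:", try_unlock(pkg, TARGET_HOST))
    print("other host: ", try_unlock(pkg, OTHER_HOST))
```

The point for an analyst is in `try_unlock`: a sandbox or a researcher's VM that lacks the target's directory layout gets `None`, and the only way to read the blob is to reproduce the exact environment or to brute-force the marker space against the stored check, which is what the iteration count is there to make expensive. That is why a payload like this can be observed, collected and still be "unknown".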


  • by CanHasDIY (1672858) on Thursday August 09, 2012 @03:00PM (#40936019)

    yes but when you use it you are a threat to national security/terrorist....

    Unless you run a bank like HSBC.

    Then you get a slap on the wrist and stern talkin' to. [bdnews24.com]

    Gitmo is reserved for the proles; Party members need not concern themselves.

  • Re:What? (Score:4, Interesting)

    by FalconZero (607567) on Thursday August 09, 2012 @03:29PM (#40936461)
    I think it's a mixed bag of things. Unmangled variables would be a great help - could tell you the native language of the developers. Code style can give hints as well - you can compare the style of code with the style of a known sample to give hints. Machine code structure can tell you which compiler was used (which gives you more hints).

    If the developers used pure assembler (which people don't any more *laments*), and scrubbed the code properly, you could make it much harder to trace (but doing so in itself gives you clues about the creator).
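The comment above lists the attribution clues a reverser looks for: compiler and linker artefacts, and leftover strings. The Python below is an added example of pulling the cheapest of those clues out of a Windows PE file statically (linker version and build timestamp from the headers, the "Rich" header the Microsoft linker leaves between the DOS stub and the PE signature, and printable strings such as PDB paths). It is not code from the article, from Kaspersky or from the commenter. The binary it parses is a minimal image constructed by hand inside the block; it is not Gauss or any real file, and its product ids and build numbers are arbitrary. Mapping a Rich `prod_id` to a named tool needs a lookup table that is not included here.

```python
"""Static toolchain fingerprinting of a PE file: linker version, build timestamp,
the 'Rich' header (per-tool product ids and build numbers left by the Microsoft
linker) and printable strings such as PDB paths.

The sample binary below is constructed by hand for this example; it is not a
real file, and the product ids in it are arbitrary."""
import re
import struct

DANS = struct.unpack("<I", b"DanS")[0]


def parse_rich(data, pe_off):
    """Undo the XOR mask on the Rich header that sits between the DOS stub and the PE signature."""
    region = data[:pe_off]
    pos = region.rfind(b"Rich")
    if pos < 0 or pos + 8 > len(region):
        return None
    key = struct.unpack_from("<I", region, pos + 4)[0]
    words = []
    cur = pos - 4
    while cur >= 0:
        w = struct.unpack_from("<I", region, cur)[0] ^ key
        if w == DANS:
            break
        words.append(w)
        cur -= 4
    else:
        return None                        # no DanS start marker: not a Rich header
    words.reverse()                        # file order: 3 padding dwords, then (compid, count) pairs
    pairs = words[3:]
    entries = [{"prod_id": pairs[i] >> 16, "build": pairs[i] & 0xFFFF, "count": pairs[i + 1]}
               for i in range(0, len(pairs) - 1, 2)]
    return {"key": key, "entries": entries}


def extract_strings(data, min_len=6):
    """ASCII runs; PDB paths, vendor banners and unmangled names tend to show up here."""
    return [m.decode("ascii") for m in re.findall(rb"[\x20-\x7e]{%d,}" % min_len, data)]


def fingerprint(data):
    """Pull the toolchain clues a reverser checks first; raises ValueError on non-PE input."""
    if data[:2] != b"MZ":
        raise ValueError("not an MZ file")
    pe_off = struct.unpack_from("<I", data, 0x3C)[0]            # e_lfanew
    if data[pe_off:pe_off + 4] != b"PE\0\0":
        raise ValueError("bad PE signature")
    machine, _nsect, timestamp, _, _, opt_size, _chars = struct.unpack_from("<HHIIIHH", data, pe_off + 4)
    opt_off = pe_off + 24
    magic, major, minor = struct.unpack_from("<HBB", data, opt_off)
    return {
        "machine": machine,
        "pe32plus": magic == 0x20B,
        "timestamp": timestamp,
        "linker_version": (major, minor),
        "rich": parse_rich(data, pe_off),
        "strings": extract_strings(data[opt_off + opt_size:]),
    }


def _rich_header(key, entries):
    """Encode a Rich header the way the linker lays it out (used only to build the sample)."""
    words = [DANS ^ key, key, key, key]    # masked 'DanS' plus three masked zero pads
    for prod_id, build, count in entries:
        words.append(((prod_id << 16) | build) ^ key)
        words.append(count ^ key)
    return b"".join(struct.pack("<I", w) for w in words) + b"Rich" + struct.pack("<I", key)


def build_sample_pe():
    """Minimal hand-built 32-bit PE image with a Rich header and a few strings (constructed)."""
    rich = _rich_header(0x5EE1C0DE, [(0x00AA, 0x2636, 3), (0x0083, 0x2636, 12), (0x0093, 0x2636, 1)])
    dos = bytearray(64)
    dos[0:2] = b"MZ"
    dos[0x3C:0x40] = struct.pack("<I", 64 + len(rich))        # e_lfanew points past the Rich block
    coff = struct.pack("<HHIIIHH", 0x014C, 1, 0x5011D8E4, 0, 0, 224, 0x0102)
    opt = struct.pack("<HBB", 0x10B, 10, 0) + bytes(224 - 4)   # PE32, linker 10.0
    tail = bytes(16) + b"D:\\build\\agent\\Release\\module.pdb\x00" + bytes(8) + b"Example banner string\x00"
    return bytes(dos) + rich + b"PE\0\0" + coff + opt + tail


if __name__ == "__main__":
    info = fingerprint(build_sample_pe())
    print("linker %d.%d, machine 0x%x, timestamp 0x%x"
          % (*info["linker_version"], info["machine"], info["timestamp"]))
    for e in info["rich"]["entries"]:
        print("  tool prod_id=0x%04x build=%d used %d times" % (e["prod_id"], e["build"], e["count"]))
    print("  strings:", info["strings"])
```

Two caveats a practitioner would add: the timestamp and the Rich header are both trivially forgeable, so they are corroborating evidence rather than proof, and a sample built with a non-Microsoft toolchain (or, as the comment notes, hand-written assembler with the stub scrubbed) will return `None` from `parse_rich`, which is itself a clue.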
  • State Sponsored... (Score:1, Interesting)

    by efensive (2697763) on Thursday August 09, 2012 @03:32PM (#40936507)
    It's amusing to see how much the term "State Sponsored" is thrown around regarding these variants. Sooner or later, everything will be labeled as such to the point where truly "state sponsored" won't even matter. Further disturbing is the annoying mechanisms in which companies like Kaspersky wildly and broadly word their articles, often allowing for insane inferences to be made. For example, floating around is news that the US did this to follow the money trail for terrorists. Really? Because a national security letter to Visa, Mastercard and Paypal wouldn't get them the data quicker? Not to mention SWIFT, PROMIS and other controls are in place and have been for years.

    If you follow the verbiage from Kaspersky over the last few years, one may infer he outright hates the US, is working for the FSB or something way out there. So I quote what I saw on Twitter: World according to Kaspersky: 's:^:US developed (Gauss\|Stuxnet\|Flame):g' || if [ -e $MALICE ]|\then|\ echo USA|\ fi
  • by Doubting Sapien (2448658) on Thursday August 09, 2012 @04:21PM (#40937259)

    In "The Diamond Age", sovereign powers and those with the means engage in (more or less) open conflict using nanomachines colloquially referred to as "mites". Particularly vicious "battles" in these conflicts manifest as smog-like pollution formed by mites of opposing factions destroying each other and leaving inert carcasses hanging in the air and settling over streets, buildings, etc. like a kind of artificial dust. Those unlucky enough to be caught outside during these times breathe them in and have no end of resulting health problems. One of the secondary characters in the story actually ends up in a chronic/palliative care facility as a result of such ill health. Such are the collateral damages in this imagined world. Things like Stuxnet and now the subject of this article appear to be the manifestations of a software form of this type of "armed conflict" (if you can call it that). Similarly, when non-targeted individuals become infected or otherwise get caught in the cross-fire, collateral damages result in the form of lost productivity or perhaps just general nuisance. So......

    Ask slashdot:

    Can you think of an effective way for non-government affiliated denizens of the Internet to respond to such emerging scenarios where geo-politically driven cyber-conflicts have the potential to harm non-participants? For example, would it be appropriate to form an Internet version of the International Red Cross?

  • by ceoyoyo (59147) on Thursday August 09, 2012 @04:29PM (#40937381)

    It takes time to develop and test an update and flash a system (not to mention money). Gauss is certainly time-limited, but that might be a feature. If you wanted to shut down Iranian centrifuges, for example, you could just send out a copy specific to those configurations. The Iranian centrifuge operators get attacked, realize they're the target (but nobody believes them), and spend time and money flashing their systems. Next week, Gauss2 comes out, same as last time but with "Penis" appended to the version strings it's looking for. Repeat. Good deniability, no collateral damage and annoying as hell to your target.

  • by Kazoo the Clown (644526) on Thursday August 09, 2012 @05:26PM (#40938221)
    If these events cause mass flight from Microsoft products, the NSA or whoever wrote the darn thing might want to think twice before they go to Microsoft asking for any back doors or any other favors, I suspect Ballmer won't take too kindly to the idea of exploiting Windows in the name of national security if it takes a big ding out of their bottom line...
  • Internet terrorism (Score:2, Interesting)

    by bmo (77928) on Thursday August 09, 2012 @09:08PM (#40940679)

    Countries that release stuff like this into the wild are criminal rogue states. It's like dumping agent-orange not just on the jungles of Vietnam during war, but on the entire planet as a whole.

    There are no borders on the Internet. What you release is not limited to your target and affects everyone.

    One can only hope that the governments that released Flame, Stuxnet, and now this, become victims of their own weapons.

    Yes, I do know who that likely means. I certainly hope it comes back to bite us like a torpedo circling around and targeting its own submarine. Maybe then someone will learn a thing or two about not shitting where you eat.

    --
    BMO
