Gauss: A Blend of National-Level Online Surveillance and Banking Malware
Security researchers at Kaspersky Lab are warning about Gauss, a complex cyber-espionage toolkit that governments sponsor to carry out malware attacks and that is closely associated with Stuxnet and Flame; it is, however, an amalgamation of national-level cyber-spying and an Internet banking Trojan.
Gauss was created around mid-2011, and Kaspersky conjectures that the malware's creators are highly likely to be the same people who developed the Flame Trojan.
Intriguingly, Gauss is capable of stealing credentials for various Internet banking systems and payment methods, as well as databases of different types, from infected computers running Windows. Overall, it steals information about the computers' drives, details about network interfaces, and information regarding the BIOS.
Moreover, code built with Gauss captures what is entered into Web browsers, including everything the victim does when visiting a website, along with the user's password.
Although its primary infection vector is not known, Gauss infects USB devices and abuses the same LNK security flaw that in the past helped spread Flame and Stuxnet between computers, even ones that were not connected to the Internet.
A post by experts from Kaspersky's Worldwide Research and Analysis Team indicates that the Gauss payload for stealing data from USB devices has many encrypted segments that are decrypted using a code derived from specific system properties. Softpedia.com published this on August 9, 2012.
Meanwhile, it is Gauss's ability to steal financial credentials that has truly surprised everyone. The Gauss-created malicious software specifically targets many Lebanese bank account holders, including clients of BlomBank and Bank of Beirut, in addition to PayPal and Citibank customers, Kaspersky states.
According to the company's experts, a government-sponsored cyber-espionage attack has never before been seen using a banking Trojan. It is not known whether the perpetrators actually aimed to move money out of the victims' bank accounts or whether the objective was to track particular targets' sources of funding, they add. Arstechnica.com published this on August 8, 2012.
Finally, the experts write that the idea of Gauss being used to steal money that is then used to fund additional projects involving Stuxnet or Flame does not fit well with the notion of attacks that could be government-sponsored.
» SPAMfighter News - 17-08-2012