New State-Sponsored Malware "Gauss" Making the Rounds
EliSowash writes "A newly uncovered espionage tool, apparently designed by the same people behind the state-sponsored Flame malware that infiltrated machines in Iran, has been found infecting systems in other countries in the Middle East, according to Kaspersky researchers. Gauss is a nation-state-sponsored banking Trojan which carries a warhead of unknown designation. Besides stealing various kinds of data from infected Windows machines, it also includes an unknown, encrypted payload which is activated on certain specific system configurations. Just like Duqu was based on the 'Tilded' platform on which Stuxnet was developed, Gauss is based on the 'Flame' platform."
I'M A LEBANESE
Pics or... wait, I misread that.
"Have you ever thought about just turning off the TV, sitting down with your kids, and hitting them?"
Governments releasing digital weapons on the internet. Thanks for the R&D!
COPY/PASTE.
"Kill 'em all and let Root sort 'em out"
Just De-Gauss the infected hard drive
is a gaussian distribution news?
Sheesh, evil *and* a jerk. -- Jade
I think we all assume massive malware failures on Microsoft. That's a statement, though you can read that as a troll/joke, which is kind of scary in its own way - MS is so bad that the joke is you assume it's the bad one.
Mac OSX is getting enough inroads to make it commercially viable to produce malware, but in a weird way I think people will skip it and move more quickly to Android/iOS.
Yes, I believe he was hoping for a picture of that rim... oh shot...
Sorry, misread that.
I think it's a mixed bag of things. Unmangled variables would be a great help - could tell you the native language of the developers. Code style can give hints as well - you can compare the style of code with the style of a known sample to give hints. Machine code structure can tell you which compiler was used (which gives you more hints).
If the developers used pure assembler (which people don't any more *laments*), and scrubbed your code properly you could make it much harder to trace (but doing so in itself gives you clues about the creator).
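As an added illustration of the "compiler and strings give hints" point above (my own example, not from the parent post or from any Kaspersky analysis): a small triage script that reads a PE's COFF timestamp and linker version and pulls out readable strings, run on a constructed, hypothetical stand-in image rather than a real sample.

```python
import re
import struct
from datetime import datetime, timezone

# Constructed stand-in for a PE image (DOS stub, COFF header, start of the
# optional header, a few readable strings). Not a real sample, purely for
# exercising the parser below.
def build_sample() -> bytes:
    dos = bytearray(64)
    dos[:2] = b"MZ"
    dos[0x3C:0x40] = struct.pack("<I", 64)            # e_lfanew: PE header at 0x40
    # Machine, NumberOfSections, TimeDateStamp, SymTab ptr, NumSymbols,
    # SizeOfOptionalHeader, Characteristics
    coff = struct.pack("<HHIIIHH", 0x14C, 1, 0x4FF1A2B3, 0, 0, 224, 0x102)
    opt = struct.pack("<HBB", 0x10B, 10, 0)           # PE32 magic, linker 10.0
    body = b"\x00" * 29 + b"D:\\dev\\build\\module.pdb\x00\x00Copyright (c) team\x00"
    return bytes(dos) + b"PE\0\0" + coff + opt + body

# Major linker versions commonly associated with Microsoft toolchains.
LINKER_HINTS = {8: "MSVC 2005", 9: "MSVC 2008", 10: "MSVC 2010", 11: "MSVC 2012"}
MACHINE_NAMES = {0x14C: "i386", 0x8664: "x86-64"}

def fingerprint(blob: bytes) -> dict:
    """Return toolchain/timestamp/string hints that help with attribution."""
    if blob[:2] != b"MZ":
        raise ValueError("not a DOS/PE image")
    pe_off = struct.unpack_from("<I", blob, 0x3C)[0]
    if blob[pe_off:pe_off + 4] != b"PE\0\0":
        raise ValueError("PE signature missing")
    machine, _nsec, stamp, _sym, _nsym, _optsz, _chars = struct.unpack_from(
        "<HHIIIHH", blob, pe_off + 4)
    _magic, major, minor = struct.unpack_from("<HBB", blob, pe_off + 24)
    compiled = datetime.fromtimestamp(stamp, tz=timezone.utc).isoformat()
    # Printable ASCII runs of 6+ chars: paths, PDB names, copyright notices
    # and the unmangled names the parent post mentions show up here.
    strings = [s.decode() for s in re.findall(rb"[\x20-\x7e]{6,}", blob)]
    return {
        "machine": MACHINE_NAMES.get(machine, hex(machine)),
        "timestamp": stamp,
        "compiled": compiled,
        "linker": f"{major}.{minor}",
        "toolchain_hint": LINKER_HINTS.get(major, "unknown"),
        "strings": strings,
    }

if __name__ == "__main__":
    for key, value in fingerprint(build_sample()).items():
        print(f"{key}: {value}")
```

The build timestamp is only a hint, since it is trivially forged; it is most useful when many samples from one campaign cluster around the same working hours.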
Windows in 6 Bytes (IA-32) : 90 90 90 90 CD 19
While cleaning rootkits off servers and such, you'd be surprised. Half the time they go right out and say who made it and when. Usually with some silly message or statement, too.
For large sets, this will be our guide even unto death, for the LORD will work for each type of data it is applied to...
Well according the helpful lads at 4chan, that folder is usually just filled with malware. They recommend deleting that folder. Seems like a pretty good idea.
"We shall grapple with the ineffable, and see if we may not eff it after all." - Douglas Adams
Wouldn't it be easier to just send them all an e-mail: "Hello, I am Mrs. Kadafi, wife of the late ruler of Libya. My husband left me with 300 million USD in a Swiss account..."
HexaByte - he's a square and a half!
In "The Diamond Age", sovereign powers and those with the means engage in (more or less) open conflict using nanomachines colloquially referred to as "mites". Particularly vicious "battles" in these conflicts manifest as smog-like pollution formed by mites of opposing factions destroying each other and leaving inert carcasses hanging in the air and settling over streets, buildings, etc. like a kind of artificial dust. Those unlucky enough to be caught outside during these times breathe them in and have no end of resulting health problems. One of the secondary characters in the story actually ends up in a chronic/palliative care facility as a result of such ill health. Such are the collateral damages in this imagined world. Things like Stuxnet and now the subject of this article appear to be the manifestations of a software form of this type of "armed conflict" (if you can call it that). Similarly, when non-targeted individuals become infected or otherwise get caught in the cross-fire, collateral damages result in the form of lost productivity or perhaps just general nuisance. So......
Ask slashdot:
Can you think of an effective way for non-government affiliated denizens of the Internet to respond to such emerging scenarios where geo-politically driven cyber-conflicts have the potential to harm non-participants? For example, would it be appropriate to form an Internet version of the International Red Cross?
========== "Hello World" in my programming language of choice: ATG - LET THERE BE LIFE - TAG ==========
Actually, it doesn't. Had those plants been running Linux workstations, the malware would target Linux. Likely without breaking a sweat.
If these events cause mass flight from Microsoft products, the NSA or whoever wrote the darn thing might want to think twice before they go to Microsoft asking for any back doors or any other favors, I suspect Ballmer won't take too kindly to the idea of exploiting Windows in the name of national security if it takes a big ding out of their bottom line...
Interesting idea, but I bet the creators are much more cognizant of operational security. I doubt they surf the web from the development machines.
I'm guessing the development boxes are actually VMs inside their workstations. Think about it: would you really want to unit test a malware payload on a machine connected to the rest of your lab, or connected to the entire world?
John