Slashdot Mirror


New State-Sponsored Malware "Gauss" Making the Rounds

EliSowash writes "A newly uncovered espionage tool, apparently designed by the same people behind the state-sponsored Flame malware that infiltrated machines in Iran, has been found infecting systems in other countries in the Middle East, according to Kaspersky researchers. Gauss is a nation-state-sponsored banking Trojan which carries a warhead of unknown designation. Besides stealing various kinds of data from infected Windows machines, it also includes an unknown, encrypted payload which is activated on certain specific system configurations. Just like Duqu was based on the 'Tilded' platform on which Stuxnet was developed, Gauss is based on the 'Flame' platform."


  1. Re:Yet another part of the world getting pissed of by Kenja · · Score: 4, Funny

    I'M A LEBANESE

    Pics or... wait, I misread that.

    --

    "Have you ever thought about just turning off the TV, sitting down with your kids, and hitting them?"
  2. So stupid it's got to be official. by MRe_nl · · Score: 4, Insightful

    Governments releasing digital weapons on the internet. Thanks for the R&D!
    COPY/PASTE.

    --
    "Kill 'em all and let Root sort 'em out"
    1. Re:So stupid it's got to be official. by antonymous · · Score: 4, Informative
      I know it's bad form to RTFA, but here's the part where they talk about their current inability to properly decrypt the payload:

      The malware uses that configuration to generate a key to unlock the payload and unleash it. Once it finds the configuration it's looking for, it uses that configuration data to perform 10,000 iterations of MD5 to generate a 128-bit RC4 key, which is then used to decrypt the payload. "Unless you meet these specific requirements, you're not going to generate the right key to decrypt it," Schouwenberg says.
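
The key derivation described in the quoted passage, sketched from the analyst's side as an added example (not part of the comment, the article, or any recovered code): each candidate configuration costs 10,000 MD5 calls plus a trial decryption, and only the exact configuration yields readable output. The way the iterations are chained, the `MARKER` known-plaintext check, and the sample configuration strings are assumptions constructed for illustration.

```python
import hashlib

ITERATIONS = 10_000  # iteration count quoted in the comment above

def derive_key(config: bytes, iterations: int = ITERATIONS) -> bytes:
    """Iterate MD5 over the configuration data; the 16-byte digest is the RC4 key.
    Assumption: each round hashes the previous digest (the page gives no detail)."""
    digest = hashlib.md5(config).digest()
    for _ in range(iterations - 1):
        digest = hashlib.md5(digest).digest()
    return digest  # 128 bits

def rc4(key: bytes, data: bytes) -> bytes:
    """Plain RC4 (KSA + PRGA); encryption and decryption are the same operation."""
    s = list(range(256))
    j = 0
    for i in range(256):
        j = (j + s[i] + key[i % len(key)]) % 256
        s[i], s[j] = s[j], s[i]
    i = j = 0
    out = bytearray()
    for byte in data:
        i = (i + 1) % 256
        j = (j + s[i]) % 256
        s[i], s[j] = s[j], s[i]
        out.append(byte ^ s[(s[i] + s[j]) % 256])
    return bytes(out)

# Assumed success check: the decrypted blob starts with a known marker.
MARKER = b"SAMPLE:"

def try_candidates(blob: bytes, candidates):
    """Return (config, plaintext) for the first candidate that decrypts the blob."""
    for config in candidates:
        plain = rc4(derive_key(config), blob)
        if plain.startswith(MARKER):
            return config, plain
    return None  # no candidate matched: the blob stays opaque

# Constructed sample: an inert blob keyed to one made-up configuration string.
SECRET_CONFIG = b"C:\\Program Files\\ExampleApp|PATH=C:\\Tools"
BLOB = rc4(derive_key(SECRET_CONFIG), MARKER + b" inert placeholder")

if __name__ == "__main__":
    guesses = [b"C:\\Program Files\\Other", b"C:\\Windows", SECRET_CONFIG]
    print(try_candidates(BLOB, guesses[:2]))  # wrong guesses only
    print(try_candidates(BLOB, guesses))      # includes the right one
```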

  3. I got the solution by courteaudotbiz · · Score: 4, Funny

    Just De-Gauss the infected hard drive

  4. Since when by Black+Parrot · · Score: 4, Funny

    is a gaussian distribution news?

    --
    Sheesh, evil *and* a jerk. -- Jade
  5. Re:New State-Sponsored WINDOWS Malware. by xerxesVII · · Score: 4, Funny

    Well, according to the helpful lads at 4chan, that folder is usually just filled with malware. They recommend deleting that folder. Seems like a pretty good idea.

    --
    "We shall grapple with the ineffable, and see if we may not eff it after all." - Douglas Adams
  6. Wouldn't it be easier by HexaByte · · Score: 4, Funny

    Wouldn't it be easier to just send them all an e-mail: "Hello, I am Mrs. Kadafi, wife of the late ruler of Lybia. My husband left me with 300 millions USD in a Swiss account..."

    --
    HexaByte - he's a square and a half!
  7. May inspire a Windows exodus... by Kazoo+the+Clown · · Score: 4, Interesting

    If these events cause mass flight from Microsoft products, the NSA or whoever wrote the darn thing might want to think twice before they go to Microsoft asking for any back doors or any other favors, I suspect Ballmer won't take too kindly to the idea of exploiting Windows in the name of national security if it takes a big ding out of their bottom line...