Researchers at Kaspersky Lab, a Russian security firm, said the virus began infecting computers last September, but they did not discover it until two months ago. The servers that controlled it stopped working in July, they said.
After analyzing its code, they concluded there “was some form of collaboration” between the unknown hackers behind Gauss and the creators of Stuxnet, a cyber weapon found in 2009 that damaged Iran’s nuclear program.
The United States, along with Israel, launched Stuxnet as part of a series of covert cyber attacks against Iran that began during the Bush administration, according to a report earlier this year in The New York Times.
The malware — which they said was designed for “stealth and secrecy” — appeared to have stolen online banking credentials from a variety of sources, including social networks, emails and instant messages.
Gauss was also likely created by the same hackers who built another piece of malware called “Flame” because the two viruses shared similar code, according to Kasperksy Lab. Flame infected hundreds of computers across the Middle East, stealing victims’ data and spying on their online activities.
Flame monitored computer users by taking screenshots of their email or Instant Messenger conversations, recording their audio conversations from an internal microphone or through Skype, and using Bluetooth technology to steal data on devices located near the infected computer.
But while Flame infected only 700 computers, mostly located in Iran, Gauss infected about 2,500 machines, with more than half in Lebanon. The researchers estimated the total number of victims from computers by Gauss could be “tens of thousands.”
- Iran says Stuxnet virus infected 16000 computers
- Security Firm Renews Debate Over Chinese Cyberspying
- Air Force Deems Drone Virus More Nuisance Than Threat
- Computer virus hits US’ Predator drone fleet
- Symantec Hackers Sought $50,000 For Stolen Anti-Virus Source Code: Authorities