Gauss: Virus Like Stuxnet Found, Russian Security Firm Claims

Teni Sow | August 10, 2012

Security researchers on Thursday said they discovered a new computer virus that infected about 2,500 computers across the Middle East and appeared to target banks in Lebanon.

Researchers at Kaspersky Lab, a Russian security firm, said the virus began infecting computers last September, but they did not discover it until two months ago. The servers that controlled it stopped working in July, they said.

The malicious software — nicknamed “Gauss” — shared similarities with three other viruses that have been found in the region since 2009, the researchers said in a blog post.

After analyzing its code, they concluded there “was some form of collaboration” between the unknown hackers behind Gauss and the creators of Stuxnet, a cyber weapon found in 2009 that damaged Iran’s nuclear program.

The United States, along with Israel, launched Stuxnet as part of a series of covert cyber attacks against Iran that began during the Bush administration, according to a report earlier this year in The New York Times.

But Gauss’ mission was different, the researchers said. While Stuxnet targeted Iran’s nuclear facility, Gauss appeared to target banks in Lebanon, as well as users of Citibank and PayPal, they said.

The malware — which they said was designed for “stealth and secrecy” — appeared to have stolen online banking credentials from a variety of sources, including social networks, emails and instant messages.

Gauss was also likely created by the same hackers who built another piece of malware called “Flame” because the two viruses shared similar code, according to Kasperksy Lab. Flame infected hundreds of computers across the Middle East, stealing victims’ data and spying on their online activities.

Flame monitored computer users by taking screenshots of their email or Instant Messenger conversations, recording their audio conversations from an internal microphone or through Skype, and using Bluetooth technology to steal data on devices located near the infected computer.

But while Flame infected only 700 computers, mostly located in Iran, Gauss infected about 2,500 machines, with more than half in Lebanon. The researchers estimated the total number of victims from computers by Gauss could be “tens of thousands.”

The researchers said the virus appeared to have been created at the direction of a foreign government because of its sophistication, though they did not specify which one.

The virus earned its moniker because the hackers named part of its code after German mathematician Johann Carl Friedrich Gauss, according to the blog post.

 

Join the forum discussion on this post

Make Current

RedditStumbleUponDeliciousTumblrDiggBlogger PostMister-WongLinkedInShare

Related posts:

  1. Iran says Stuxnet virus infected 16000 computers
  2. Security Firm Renews Debate Over Chinese Cyberspying
  3. Air Force Deems Drone Virus More Nuisance Than Threat
  4. Computer virus hits US’ Predator drone fleet
  5. Symantec Hackers Sought $50,000 For Stolen Anti-Virus Source Code: Authorities

Tags: , , , , , , ,

Category: Technology

Comments (0)

Trackback URL | Comments RSS Feed

There are no comments yet. Why not be the first to speak your mind.

Comments are closed.

«
»
Increase your website traffic with Attracta.com