Gauss Cyber Espionage Threat Targets Banking Info

A new malware threat has been discovered that seems to have the same state-sponsored roots as Stuxnet, Duqu, and Flame.

Gauss joins the ranks of Stuxnet, Duqu, and Flame as an apparently state-sponsored tool of cyber espionage. This latest threat appears to be built from the same code foundation as Flame, and specifically targets bank credentials and financial data.

Kaspersky Lab--the largest privately held vendor of antimalware and endpoint security products--announced the new threat. A Kaspersky FAQ about Gauss boils the description of Gauss down to a 140-character tweet: "Gauss is a nation state sponsored banking Trojan which carries a warhead of unknown designation."

Gauss has been flying under the radar and evading detection since the fall of 2011. Ironically, it was discovered during operations initiated by the International Telecommunications Union (ITU) in the wake of Flame in an effort to detect and mitigate any other stealthy cyber threats. Mission accomplished.

Kaspersky was able to detect and identify the threat--dubbed Gauss because its main module is named after the German mathematician Johann Carl Friedrich Gauss--because it uses a similar architecture, module structure, code base, and methods of communication with command and control (C&C) servers as its cousin, Flame.

While Flame, Stuxnet, and Duqu seemed to be aimed at Iran, Gauss appears to specifically target Lebanese banks, as well as Citibank and PayPal accounts. Gauss steals browser history, cookies, passwords, and system configurations from compromised systems, and collects usernames and passwords for financial accounts and payment systems.

The initial method of infection is still unknown. Like Flame and Duqu, though, the propagation of Gauss seems to be controlled in order to maintain stealth and avoid detection. Kaspersky has detected 2,500 infected machines so far, and estimates the total number of compromised systems to be in the tens of thousands.

The malware was discovered in June of 2012, and the C&C servers that manage it were effectively shut down in July of 2012. As a result, Gauss is now in a dormant state.

