Enter Gauss: A Nation State Sponsored Malware, with a Knack for Bank Accounts
By Chinmoy Kanjilal on August 10th, 2012

We have seen Stuxnet, designed to attack nuclear plants in Iran; we have seen Flame, designed for mass surveillance of Middle Eastern nations; and we have seen Duqu, the sister trojan of Stuxnet, also aimed at Iran. How low can this cyber-espionage war go? Well, low has a new definition now: a new trojan, Gauss, has been discovered, which apparently steals bank account details of individuals.


The Gauss trojan surfaced as part of an ongoing investigation into Flame. It is believed to have been created in mid-2011 and released in three months. The Gauss trojan shows the same level of sophistication as seen in Stuxnet and Duqu.

Kaspersky defines Gauss as follows:

In 140 chars or less, “Gauss is a nation state sponsored banking Trojan which carries a warhead of unknown designation”. Besides stealing various kinds of data from infected Windows machines, it also includes an unknown, encrypted payload, which is activated on certain specific system configurations.

Gauss is based on the Flame platform and performs an array of hacks, ranging from infecting USB sticks and stealing browser cookies to listing the contents of system drives and hijacking social networking accounts. It was aimed mainly at Here is a paper released by Kaspersky Labs on the Gauss trojan [PDF link].

The Gauss trojan names its modules after famous mathematicians such as Gauss himself, Lagrange and Godel. The primary module, which implements the data-stealing capabilities, is called Gauss, hence the name of the trojan itself. This main payload, which affects USB storage devices, is protected by numerous layers of hashing and strong RC4 encryption. Kaspersky has also urged cryptography experts to help with the decryption.

 

Author: Chinmoy Kanjilal