Gauss cyber threat targeting Lebanon has interesting relation to Flame, Stuxnet
- By Defense Systems Staff
- Aug 10, 2012
Moscow-based Kaspersky Lab said Aug. 9 that it had discovered what it believed was the fourth state-sponsored computer virus to appear in the Middle East in the last several years, reports the New York Times.
The Gauss virus, which was apparently aimed at Lebanon and gets its nickname from a name found in its code, appeared to have been written by the same programmers who created the Flame virus that was found to be spying on computers in Iran in May, the story said. Furthermore, the latest virus might also be linked to Stuxnet, the virus that disrupted uranium enrichment work in Iran in 2010.
The Gauss virus, which has been detected on 2,500 computers, seems to have as its purpose the acquisition of logins for e-mail and instant messaging accounts, social networks and certain bank accounts--the last being a function typically found in malicious programs used by profit-seeking cybercriminals.
Gauss is best described as "a nation state sponsored banking Trojan," reports Information Week. Its code framework is related to the Flame virus, and therefore is an extension of Duqu and Stuxnet.
Of the 2,500 unique PCs that Kaspersky reports have been infected by Gauss since May, 1,600 were traced to Lebanon, the story said. Other countries with Gauss-infected PCs include the Palestinian Territory, the United States, the United Arab Emirates and Germany.
Analysts believe Gauss may be the first known malware to have been commissioned by a nation state to spy on online banking customers, the story said. Western intelligence agencies have a history of watching Lebanese banks because of their role in facilitating financial transactions by extremist groups.
Gauss has kept a low profile since it began spreading in fall 2011, according to PC World. The International Telecommunications Union, which was established in the wake of Flame to detect similar cyber threats, discovered Gauss.
The Gauss malware was discovered in June 2012, and the servers that managed it were shut down the following month, the story said.