Security researchers say they have positively identified a new computer virus plaguing networks in the Middle East.
According to Kaspersky Lab, the Gauss virus is likely state-sponsored and appears to have been coded by the same team that wrote Flame, a complex piece of data-mining malware designed to stealthily spy on computers in Iran.
However, unlike Flame and its Stuxnet predecessor, Gauss has thus far been detected on approximately 2,500 computers – with the majority of the infectious digital outbreak (thus far) seemingly confined to Lebanon.
Interestingly enough, Gauss appears to have been programmed to steal specific information, such as log-in credentials for bank accounts.
A number of accounts at several of Lebanon’s more prestigious banks have already been targeted, such as the Bank of Beirut, BlomBank, ByblosBank, Credit Libanais and FransaBank. Cookies for sites like Gmail and credentials for Citibank and PayPal were also hacked and extracted.
“We have never seen any malware target such a specific range of banks,” Kaspersky rep Costin Raiu told the New York Times during a recent interview.
“Generally cyber criminals target as many banks as possible to maximize financial profit, but this is a very focused cyber-espionage campaign targeting certain users of online banking systems.”
Raiu also reiterated that Gauss was authored by the same team as the Flame virus, as the two shared similar code – having been written in the same C++ developer language and exploiting similar means to infect PCs unplugged from the ‘Net.
“There is absolutely no doubt that Gauss and Flame were printed by the same factories. And an early version of Stuxnet used a module from Flame, which shows they are connected. Stuxnet was created by a nation-state – it simply could not have been designed without nation-state support – which means Flame and Gauss were created with nation-state support as well.
“It’s done in such a clever way that security researchers cannot analyze it because they don’t know the decryption key that unlocks the true purpose of [the Gauss warhead]. Until we crack that code, there is no way to tell what the encrypted payload is [really] after [aside from banking credentials],” he added.
