August 10, 2012

Gauss malware: Expert reaction

CBR pulls together the expert opinion on the Gauss malware, said to be attacking banks in the Middle East

By Cbr Rolling Blog

According to Kaspersky Lab, which discovered the malware, Gauss is related to Stuxnet, Flame and Duqu. One capability that separates it from those other high-profile attacks is that it can monitor banking transactions.

James Todd, technical lead for Europe at FireEye
While the discovery of the Flame virus may have shocked security experts worldwide, it seems that this was just the tip of the iceberg. With suggestions that Gauss could in fact be linked to the laboratories that created Flame, Stuxnet and Duqu, it appears that the state-sponsored cyber threat might be more dynamic, fast-moving and incestuous than previously thought.

Many consider credential-stealing malware a social problem and pretty harmless compared to targeted attacks. Gauss destroys that myth. Though it seems that this virus is currently intended for the theft of bank details, social networking information and other web passwords, we cannot underestimate the seriousness of this discovery and its potential to morph into a virus capable of attacking control systems and other critical infrastructure, as has been suggested.

Paul Lawrence, VP international operations at Corero Network Security
The discovery of Gauss, which apparently is based on the Flame platform, indicates a widespread monitoring of banking information, primarily in Lebanon. Whether the aim was to simply monitor activities or steal funds is not known at this time, since the malware’s command and control servers shut down in July.

Coming so soon after the discovery of Flame indicates that there have been, and may still be, other variants waiting to be disclosed, or it may be that the discovery of Gauss has dried this up as a source until a new variant could be introduced.

What this does mean is that organisations must remain vigilant and on guard against increasingly sophisticated malware, which can be introduced by something as simple as a USB stick. Organisations may want to assess whether they want to close the USB loophole to make it impossible for systems to be infected in this manner.

Global Research & Analysis Team at Kaspersky Lab
Gauss is a complex cyber-espionage toolkit created by the same actors behind the Flame malware platform. It is highly modular and supports new functions which can be deployed remotely by the operators in the form of plugins.

After looking at Stuxnet, Duqu and Flame, we can say with a high degree of certainty that Gauss comes from the same ‘factory’ or ‘factories.’ All these attack toolkits represent the high end of nation-state sponsored cyber-espionage and cyberwar operations, pretty much defining the meaning of ‘sophisticated malware.’

The key characteristic of Gauss is the online banking Trojan functionality. The ability to steal online banking credentials is something we haven’t previously seen in nation-state sponsored malware attacks.
