Meet Gauss, a New Member of the Stuxnet Family


Of course it's wrong English, but the ugly truth is that just one virus on a computer is too many.

Today the world has reached a stage where your computer needs a good antivirus to work.

But is that true in all respects? Well, I believe the answer to this question lies in another question: what if the virus is an FUD (Fully Undetectable Virus)?

Viruses that cannot be detected by your antivirus are FUDs.

The newest cousin in the years-old Stuxnet family, which even includes the world's worst virus, 'Flame', is Gauss.
Gauss is believed to have infected more than 2,500 computers. It is regarded as the best virus for carrying out spying activities.

Kaspersky Lab found this virus earlier this month. The Gauss virus attacked computers in the Middle East, specifically looking for access information to banks in Lebanon.

The banks that were infected were Bank of Beirut, BlomBank, ByblosBank, Credit Libanais, etc.
Other non-Lebanese infected banks include Citibank and PayPal.

It is said that the virus is directly related to Flame, and closely related to Stuxnet and Duqu.

It looks like Gauss virus is giving researchers at Kaspersky Lab a hard time.

The security firm is reaching out to the community for anyone who can help decrypt the malware’s payload.

“The purpose and functions of the encrypted payload currently remain a mystery,” said Aleks Gostev, the chief security expert of Kaspersky’s global research and analysis team.

Gauss can do a lot more than steal financial information: it has the ability to steal browser passwords, system configurations, cookies, and more.

Like Stuxnet, it can also be passed from computer to computer by infecting USB drives.

Kaspersky reported the following on how the virus carries out its infection:-

Kaspersky explained that the payload lives in this "USB data-stealing module," which looks for a specific folder in Program Files whose name starts with an extended character, such as Arabic or Hebrew. If it discovers the folder, and some other system requirements are met as well, it will decrypt its payload and infect the computer with it.

“The size of the payload is also a concern,” Gostev said, “It’s big enough to contain coding that could be used for cybersabotage, similar to Stuxnet’s SCADA code. Decrypting the payload will provide a better understanding of its overall objective and the nature of this threat.”

Kaspersky originally discovered the malware in June, but has had difficulty deciphering details about Gauss. The main reason is that the hackers who created Gauss shut down its command and control servers before Kaspersky was able to track back to them.


Detection of Gauss infection:-

Online detection:- Visit the site and check for infection with just a few clicks: Gauss antivirus

Antivirus Solution:- Kaspersky

Manual detection:- Check whether your computer has the following file, as shown in the image:-

If so, you are infected with Gauss; contact Kaspersky for removal.

The virus is detected by the font that it uses. The font name is: "Palida Narrow Font".
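The online and manual checks above both come down to one question: is a font called "Palida Narrow" registered on the machine? The script below is an added example for this post, not Kaspersky's checker, and it makes two assumptions: that the font, if present, is registered like any other font under the standard Windows key HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Fonts, and that matching the display name given in the post is enough (the font file name is not given here, so the file name in the sample is a constructed placeholder). The sample registry dump is constructed so the script runs offline; on a Windows host it reads the live key instead.

```python
"""Look for the 'Palida Narrow' font the post names as the Gauss marker.

Added example (not Kaspersky's tool).  Assumes the font is registered under
the standard Fonts registry key; the sample entries below are constructed.
"""
import sys
from typing import Iterable, List, Tuple

# Indicator from the post: the font's display name.  Matched case-insensitively
# against the registry value name, which normally looks like "Name (TrueType)".
FONT_MARKER = "palida narrow"

# Constructed sample of (value name, file name) pairs as they would appear under
# the Fonts key.  The Gauss entry's file name is a placeholder, not a real IoC.
SAMPLE_REGISTRY_FONTS = [
    ("Arial (TrueType)", "arial.ttf"),
    ("Tahoma (TrueType)", "tahoma.ttf"),
    ("Palida Narrow (TrueType)", "PLACEHOLDER_FONT_FILE.ttf"),  # constructed hit
    ("Times New Roman (TrueType)", "times.ttf"),
]


def find_font_marker(entries: Iterable[Tuple[str, str]]) -> List[Tuple[str, str]]:
    """Return every (value name, file) entry whose display name carries the marker."""
    return [(name, path) for name, path in entries if FONT_MARKER in name.lower()]


def read_registered_fonts() -> List[Tuple[str, str]]:
    """Enumerate the live Fonts key on Windows; elsewhere return an empty list
    so the script still runs (the caller then falls back to the sample)."""
    if sys.platform != "win32":
        return []
    import winreg  # only importable on Windows
    key_path = r"SOFTWARE\Microsoft\Windows NT\CurrentVersion\Fonts"
    entries: List[Tuple[str, str]] = []
    with winreg.OpenKey(winreg.HKEY_LOCAL_MACHINE, key_path) as key:
        index = 0
        while True:
            try:
                name, value, _kind = winreg.EnumValue(key, index)
            except OSError:  # no more values
                break
            entries.append((name, str(value)))
            index += 1
    return entries


def assess(entries: Iterable[Tuple[str, str]]) -> str:
    """One-line verdict suitable for a log or a quick manual check."""
    hits = find_font_marker(entries)
    if hits:
        names = ", ".join(f"{name} -> {path}" for name, path in hits)
        return f"SUSPECT: Gauss font marker present: {names}"
    return "CLEAN: no Gauss font marker found"


if __name__ == "__main__":
    live = read_registered_fonts()
    source = live if live else SAMPLE_REGISTRY_FONTS
    label = "live registry" if live else "constructed sample"
    print(f"[{label}] {assess(source)}")
```

A hit on the font name is a reason to follow the post's advice and contact Kaspersky, not proof on its own; a legitimately installed font with the same name would trigger it too, which is exactly why the post also points at the file-based manual check.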
