August 09, 2012
Gauss seems to have primarily gone after bank account information in Lebanon

From David Goldman, CNN Money:  A new cyberweapon that secretly steals bank account information from its victims was exposed on Thursday.

The sophisticated malware, discovered by Internet security company Kaspersky Labs, has been capturing online bank account login credentials from its victims since September 2011. There's no evidence it's been used to steal any money. The virus instead appears to be a spy interested in tracking funds: It collects banking login information, sends it back to a server, and quickly self-destructs.

Dubbed "Gauss," a name taken from some of the unique file names in its code, the malware appears to be a cyber-espionage weapon designed by a country to target and track specific individuals. It's not known yet who created it, but Gauss shares many of the same code and characteristics of other famous state-sponsored cyberweapons, including Stuxnet, Duqu and Flame.

Those viruses are widely believed to have been developed by the U.S. government. But unlike Stuxnet and Flame, which targeted an Iranian nuclear facility and spied on Iran's government officials, Gauss seems to have primarily gone after people in Lebanon.

Of the 2,500 or so discovered instances of Gauss across the world, about 1,660 of them were found in Lebanon. The virus is specifically designed to target customers of Lebanese banks, as well as Citibank and eBay's PayPal, which are widely used in Lebanon.

Kaspersky also found 483 instances of Gauss in Israel and 261 in the Palestinian territories. Only 43 Gauss instances were found to be in the United States, and just a handful were discovered in other parts of the world.

When certain regions are specifically targeted, that's a telltale marker that a piece of malware has been created by a government. Viruses developed by financially motivated criminals are designed to target as many people as possible. . . .

Kasperky labs found Gauss in May, when it was commissioned by the United Nations' International Telecommunication Union to look for malicious applications similar to the potent Flame virus discovered earlier this year. Like Flame, Duqu and Stuxnet, Gauss is written in a computer language called "C," and it shares a similar structure and code base. The biggest tip-off: Gauss and Flame both contain the exact same line "?Avnxsys_uwip@@".   (photo: itp.net)

RELATED CONTENT