Gauss malware: Expert reaction

According to Kaspersky Lab, which discovered the malware, Gauss is related to Stuxnet, Flame and Duqu. One of the capabilities that separates it from those other high-profile attacks is that it can monitor banking transactions.

James Todd, technical lead for Europe at FireEye
While the discovery of the Flame virus may have shocked security experts worldwide, it seems that this was just the tip of the iceberg. With suggestions that Gauss could in fact be linked to the laboratories that created Flame, Stuxnet and Duqu, it appears that the state-sponsored cyber threat might be more dynamic, fast-moving and incestuous than previously thought.

Many consider credential stealing malware a social problem and pretty harmless compared to targeted attacks. Gauss destroys that myth. Though it seems that this virus is currently intended for the theft of bank details, social networking information and other web passwords, we cannot underestimate the seriousness of this discovery and its potential to morph into a virus capable of attacking control systems and other critical infrastructure, as has been suggested.

Paul Lawrence, VP international operations at Corero Network Security
The discovery of Gauss, which apparently is based on the Flame platform, indicates a widespread monitoring of banking information, primarily in Lebanon. Whether the aim was to simply monitor activities or steal funds is not known at this time, since the malware’s command and control servers shut down in July.

Coming so soon after the discovery of Flame indicates that there has been and may still be other variants waiting to be disclosed, or it may be that the discovery of Gauss has dried this up as a source until a new variant could be introduced.

What this does mean is that organisations must remain vigilant and on guard against increasingly sophisticated malware, which can be introduced by something as simple as a USB stick. Organisations may want to assess whether they want to close the USB loophole to make it impossible for systems to be infected in this manner.
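The "USB loophole" mentioned above can be closed on Windows hosts with two registry settings: one that stops the USB mass-storage driver from loading, and one that turns off AutoRun for every drive type. The script below is an added example written for this page, not code from Kaspersky Lab, Corero or any vendor quoted here; it assumes a Windows target (the platform the related Stuxnet and Flame families ran on) and an elevated PowerShell session, and the function names are the author's own.

```powershell
# Added example: audit and close the USB mass-storage vector on a Windows host.
# Assumes an elevated PowerShell session; registry paths are the standard
# Windows locations for the USBSTOR driver and the Explorer AutoRun policy.

$UsbStorKey   = 'HKLM:\SYSTEM\CurrentControlSet\Services\USBSTOR'
$ExplorerPol  = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer'

function Get-UsbStorageState {
    # Start = 3 means the driver loads on demand (removable disks mount);
    # Start = 4 means the driver is disabled and USB disks never mount.
    $start = (Get-ItemProperty -Path $UsbStorKey -Name Start).Start
    if ($start -eq 4) { 'disabled' } else { 'enabled' }
}

function Get-AttachedUsbDisks {
    # Lists any USB-attached disks currently present, so you know what
    # will stop working once the driver is disabled.
    Get-CimInstance -ClassName Win32_DiskDrive |
        Where-Object { $_.InterfaceType -eq 'USB' } |
        Select-Object Model, SerialNumber, Size
}

function Disable-UsbStorage {
    # Hypothetical helper name; the registry change itself is the
    # documented way to prevent USBSTOR from loading.
    Set-ItemProperty -Path $UsbStorKey -Name Start -Value 4 -Type DWord
}

function Disable-AutoRun {
    # NoDriveTypeAutoRun = 0xFF disables AutoRun for every drive type,
    # including removable media.
    if (-not (Test-Path $ExplorerPol)) {
        New-Item -Path $ExplorerPol -Force | Out-Null
    }
    Set-ItemProperty -Path $ExplorerPol -Name NoDriveTypeAutoRun -Value 0xFF -Type DWord
}

# Usage: report first, then harden.
Write-Host "USB storage driver: $(Get-UsbStorageState)"
Get-AttachedUsbDisks | Format-Table -AutoSize
Disable-UsbStorage
Disable-AutoRun
Write-Host "USB storage driver after change: $(Get-UsbStorageState)"
```

Two caveats a practitioner would want: disabling USBSTOR only blocks mass-storage class devices, so USB keyboards, network adapters and phones in other modes still enumerate; and turning off AutoRun does not stop a user from opening files on a drive that was mounted before the change, so the driver setting is the one that actually closes the vector. Both settings are also available as Group Policy objects for fleet-wide rollout, which is the form most organisations would prefer over a per-host script.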

Global Research & Analysis Team at Kaspersky Lab
Gauss is a complex cyber-espionage toolkit created by the same actors behind the Flame malware platform. It is highly modular and supports new functions which can be deployed remotely by the operators in the form of plugins.

After looking at Stuxnet, Duqu and Flame, we can say with a high degree of certainty that Gauss comes from the same ‘factory’ or ‘factories.’ All these attack toolkits represent the high end of nation-state sponsored cyber-espionage and cyberwar operations, pretty much defining the meaning of ‘sophisticated malware.’

The key characteristic of Gauss is the online banking Trojan functionality. The ability to steal online banking credentials is something we haven’t previously seen in nation-state sponsored malware attacks.
