Kaspersky Lab announces the discovery of Gauss, the latest cyber threats targeting Internet users in the Middle East.
Through a press release received Okezone, Gauss is the spy toolkit nation-state sponsored cyber (state funded) complex. Designed to steal sensitive data, with a particular focus on browsers passwords, online banking account credentials, cookies and the specific configuration of the infected machine. The functionality of online banking Trojan found in Gauss is a unique characteristic not foundin any previous cyber weapons. Gauss found on the sidelines of the activities carried out by the International Telecommunication Union (ITU), related to the discovery of Flame.
Kaspersky Lab experts to identify the similarities discovered Gauss malicious programs with Flame. This includes similarities in platform architecture, the module structure, the base code and means of communication with the server command & control (C & C).
“Gauss has a striking similarity to the Flame, such as design and code base, which allows us to find this dangerous program. Like the Flame and Duqu, Gauss is toolkit complex cyber espionage, with a design that empha sizes the latency and confidentiality. However, the intent is different from Flame or Duqu. Gauss target multiple users in selected countries to steal large amounts of data, with a particular focus on banking and financial information, “said Alexander Gostev, Chief Security Expert, Kaspersky Lab through its official statement.
Investigation found that the first incident related to the Gauss occurred in September 2011. In July 2011, C & C server Gauss stop functioning.
Various modules Gauss in charge of collecting information from the browser, including the history of sites you’ve visited and password. Detailed data from theinfected machine is also sent to the attacker, including a specific network interface, drive computer and BIOS information.
Gauss module is also capable of stealing data bank clients including Bank of Beirut Lebanon,EBLF, BlomBank, ByblosBank, FransaBank and Credit Libanais. Gauss also made users Citibank and PayPal as a target.
Although the design is similar to Gauss Flame, geography penginfeksian very different. Thehighest number of infected computers at Iran’s Flame, while the majority of victims in Lebanon Gauss. The number of infections is also different. Based on telemetry reports from the Kaspersky Security Network (KSN), Gauss infects approximately 2500 computers, while Flame is much lower, only 700 infected computers.