Sunday, August 12, 2012

Flame virus re-ignites with new "Gauss" variant

Researchers at Kaspersky Lab last week discovered another computer virus closely associated with Flame. They named it "Gauss" after the malware's apparent main module; most of its modules are named internally after famous mathematicians.

Kaspersky found evidence linking this new variant to the previous state-sponsored cyber-espionage exploits Stuxnet, Flame and Duqu. Gauss appears to be part of a wider espionage campaign, the scope of which is currently unknown.

This new Gauss variant appears to target banking accounts and transactions (even PayPal) in the Middle East, for purposes unknown. It could be gathering information about transactions, or it could be gathering actual money, as some have suggested.

From Kaspersky:

Gauss is the most recent development from the pool of cyber-espionage projects that includes Stuxnet, Flame and Duqu. It was most likely created in mid-2011 and deployed for the first time in August-September 2011.

Kaspersky noted a few similarities between Flame and Gauss:













What's interesting to note is that Kaspersky is a Russian firm and the Russians probably gain politically from outing what is likely an American/Israeli campaign. As far as I know, nobody has outed any specific state-sponsored malware from Russia or China. We can all guess at the players, their motives and most of the technology used, but the actual details of this "war" have been murky at best. It looks like we're finally seeing some of the skirmishes unfold.
