New Mideast cyber virus can spy on finance transactions
A new cyber surveillance virus has been found in the Middle East that can spy on financial transactions, email and social networking activity, according to a leading computer security firm, Kaspersky Lab.
Dubbed Gauss, the virus could also attack critical infrastructure and was built in the same laboratories as Stuxnet, the computer worm widely believed to have been used by the United States and Israel to attack Iran's nuclear program, Kaspersky Lab said yesterday.
The Moscow-based firm said it found Gauss had infected personal computers in Lebanon, Israel and the Palestinian Territories. It declined to speculate on who was behind the virus but said it was related to Stuxnet and two other cyber espionage tools, Flame and Duqu.
"After looking at Stuxnet, Duqu and Flame, we can say with a high degree of certainty that Gauss comes from the same 'factory' or 'factories'," Kaspersky Lab said in a posting on its website. "All these attack toolkits represent the high-end of nation-state-sponsored cyber-espionage and cyber war operations."
Kaspersky Lab's findings are likely to fuel a growing international debate over the development and use of cyber weapons. Those discussions were stirred up by the discovery of Flame in May by Kaspersky and others. Washington has declined to comment on whether it was behind Stuxnet.
According to Kaspersky Lab, Gauss can steal Internet browser passwords and other data, send information about system configurations, steal credentials for accessing banking systems in the Middle East, and hijack login information for social networking sites, email and instant messaging accounts.
Modules in the Gauss virus have internal names that Kaspersky Lab researchers believe were chosen to pay homage to famous mathematicians and philosophers, including Johann Carl Friedrich Gauss, Kurt Gödel and Joseph-Louis Lagrange.
Kaspersky Lab said it called the virus Gauss because that is the name of the most important module, which implements its data-stealing capabilities.
One of the firm's top researchers said Gauss also contains a module known as "Godel" that may include a Stuxnet-like weapon for attacking industrial control systems. Stuxnet, discovered in 2010, attacked via USB drives and was designed to attack computers that controlled the centrifuges at a uranium enrichment facility in Natanz, Iran.
Roel Schouwenberg, the senior researcher, said the Godel code may include a similar "warhead."
Godel copies a compressed, encrypted program onto USB drives. That program will only decompress and activate when it comes in contact with a targeted system.
While Kaspersky has yet to fully crack Godel's code, Schouwenberg suspects it is a cyber weapon designed to cause physical damage and that its developers went to a lot of trouble to hide its aim, using an encryption scheme that could take months or even years to unravel.
Copyright © 1999- Shanghai Daily. All rights reserved.