A new computer virus, dubbed Gauss, has been discovered in the Middle East. Researchers say can it steal banking credentials and hijack login information for social networking sites, email and instant messaging accounts.
Cyber security firm Kaspersky Lab said Gauss is the work of the same “factory” or “factories” that built the Stuxnet worm, which attacked Iran’s nuclear program. Here are some key facts about Gauss, according to Kaspersky Lab.
What is its purpose?
Gauss is a surveillance tool. It steals credentials for hacking online banking systems, social networking sites and email accounts; it also gathers information about infected PCs, including Web browsing history, system passwords and the contents of disk drives.
Can it do anything else?
There is a mysterious module, known as Godel, that copies malicious code onto USB drives when they are plugged into infected PCs. Godel’s purpose is unknown because some of its code is compressed and scrambled using a sophisticated encryption method. It only activates when it infects a predetermined target. Researchers have not identified the target or figured out its mission. Kaspersky Lab senior researcher Roel Schouwenberg said he believes it may be a “warhead” designed to damage industrial control systems.
How many victims are there?
Kaspersky Lab has uncovered more than 2,500 computers infected with Gauss since late May. It estimates the total number of victims is in the tens of thousands. The largest number of infections were found were in Lebanon, followed by Israel and the Palestinian Territories.
Is Gauss still a threat?
Yes. Infected USB drives could still launch attacks. Servers that controlled infected machines were shut down in July, so it is unlikely that any more information will be stolen from the surveillance part of the operation.
Why is it called Gauss?
The virus is built using modules with internal names that appear to be inspired by famous mathematicians and philosophers, including Kurt Godel, Johann Carl Friedrich Gauss and Joseph-Louis Lagrange. Kaspersky named the entire operation after the Gauss component as it implements the data-stealing capabilities.