‘Gauss’ Virus Related to Flame, Stuxnet, Kaspersky Says

(Ping! Zine Web Tech Magazine) – Individuals in the Middle East may be vulnerable to a newly discovered virus. According to a post from Kaspersky Lab, the trojan known as Gauss is closely related to other well-known viruses including Flame, which the same security company first reported on in May.

“Gauss is a complex cyber-espionage toolkit created by the same actors behind the Flame malware platform. It is highly modular and supports new functions which can be deployed remotely by the operators in the form of plugins,” commented Kaspersky Lab via its Securelist blog.

The virus itself was discovered via efforts from the International Telecommunication Union. Like others including Flame and Stuxnet, it primarily targets Middle Eastern countries. Such locations include Lebanon, Israel and Palestine. Also like Flame and Stuxnet, it originated from a nation state.

Five different servers are reportedly used to control the operation via “command-and-control domains.” Gauss succeeds in performing tasks such as intercepting passwords and cookies, infecting USB sticks, hijacking account information, accessing system configuration data and more.

The timeframe for the virus? Kaspersky noted that its operation likely began sometime between August and September of last year and the number of infections has only increased since. Tracking the virus back to May, the security firm recognized 2,500 new infections.

However, a key finding signaled Gauss isn’t completely active. “The Gauss command-and-control (C&C) infrastructure was shut down in July 2012. At the moment, the malware is in a dormant state, waiting for its C&C servers to become active again,” commented the report.