Solving "Gauss"
Code for the gauss virus, a new cyberweapon that attacks bank accounts
August 16th, 2012
11:16 PM ET

By Suzanne Kelly

Researchers at the same cybersecurity lab that announced the discovery of the Flame virus this past May believe they have discovered a related set of code that serves as a Trojan horse, and they're asking the wider cryptographic community to help them crack it.

The newly found code, dubbed "Gauss," appears to be a cyber-espionage toolkit that can intercept passwords, steal computer system configuration information and access credential information for banks located in the Middle East. But researchers at Kaspersky Lab in Russia say things may not be quite as they appear.

"We're talking about a complex package," says senior security researcher Kurt Baumgartner, who says the code appears to be created by a nation-state. "It's unique and different in a few ways; it maintains code and has similar functionality to Flame and Stuxnet."

Flame and Stuxnet are computer viruses that have the ability to rewrite code. Stuxnet targeted Iran's nuclear program. It rewrote code that caused enrichment centrifuges to spin out of control, rendering them useless. The U.S. and Israel are widely believed to be behind the creation of the virus.

Baumgartner says researchers have had a harder time understanding what Gauss was actually created to do, or what its payload really is.

A payload is a piece of code or technology that is being delivered within a software package. Baumgartner says the stealing of credentials and monitoring capability may be just a smokescreen for something more sinister.

"It's very likely that it's meant to cover up or hide whatever that payload is," says Baumgartner, who adds that it's possible the code was designed to avoid detection until it reached its final target.

Kaspersky Lab posted an appeal on its company website for encryption experts to try to help crack the code. They say they've gotten a number of responses from "talented people."

"There's all sorts of speculation we could make about what's really in the payload," says Baumgartner. "But for a blob of encrypted data to reside within a piece of code that's related to Stuxnet and that has spread to thousands or tens of thousands of machines in that region, it suggests that there is a more significant or more important payload."

So far, Kaspersky says most of the "Gauss" detections have been in Lebanon, with a smaller number reported in Israel.

Researchers have no idea how the code spreads, but say that it has the ability to infect USB ports that, once infected, can spread to as many as 30 computers before the code self-destructs.

The toolkit earned its name because of references discovered within the code that pay tribute to mathematicians and philosophers. Johann Carl Friedrich Gauss was a German mathematician.

soundoff (16 Responses)
  9. You are not George Patton

    How little do you know that the US is actually very behind other nation states when it comes to militarizing cyberspace.

    August 17, 2012 at 4:48 pm | Reply
  10. OffTheWorldPolitics

    I think it is a little presumptuous to assume that all these viruses are connected to the same nation state. It is just as probable that there is a small group of private individuals who work independently. It is not hard for computer-savvy individuals to get connected to each other.

    August 17, 2012 at 1:21 am | Reply
  11. George Patton

    Now we see just where our tax dollars go! The right-wing politicians in Washington seem to be militarizing everything these days and how!!! It never ends!

    August 17, 2012 at 12:30 am | Reply
    • Dick Tracy

      Right wing? Left wing? You're an idiot. They're both wings from the same broken, rotten, decaying bird. And you're simply one of their many intended dumbing targets, I will add it appears that strategy certainly worked on you...

      August 27, 2012 at 9:09 am | Reply
      • RW

        According to Mr. Tracy, Eagle is down, repeat the Eagle is down!

        December 3, 2012 at 4:44 am |
