UPDATED 11:26 EDT / AUGUST 13 2012

NEWS

Gauss Becomes the Next Big Topic in Nation-state Cyber Surveillance Realm

Accompanying Stuxnet, Flame, and Duqu, Gauss has become the latest cyber-surveillance operation in the entire cyber espionage scenario. Gauss is a nation state sponsored banking Trojan, and was discovered by International Telecommunications Union (ITU) that was working toward mitigating the risks posed by cyber-weapons. Gauss derives its name from one of its important modules, named ‘Gauss’, which implements the data theft process.

Besides, the authors of the malware, who are same as of the Flame malware platform, forgot to remove debugging information from some of the Gauss samples, which contain the paths where the project resides, as “projects\gauss”.

The researchers, who were actually working on analyzing the unknown components of Flame, discovered Gauss and found striking similarities between this and the Flame’s structure.

“During the course of the analysis, we discovered a separate cyber-espionage module which appeared similar to Flame, but with a different geographical distribution. Originally, we didn’t pay much attention to it because it was already detected by many anti-malware products. However, we later discovered several more modules, including some which were not detected, and upon a closer look, we noticed the glaring similarities to Flame. Following our detailed analysis in June and July 2012, we confirmed the origin of the code and the authors as being the same as Flame.”

According to them, Gauss operation started sometime around August-September 2011. The Gauss command-and-control (C&C) infrastructure was shutdown in July 2012. As of now, the malware is in a dormant state, waiting for its C&C servers to become active again.

“Any technology sufficient to supply the aims of both criminals and nation-states will quickly become prevalent in an underground,” says HackANGLE editor Kyt Dotson. “As a result, we’ve not seen the end of malware that mimics the success and proliferation of Stuxnet and Flame. As botnets like ZeuS also evolve–as they can be ‘caught’ and ‘dissected’–they will be re-engineered into the next generation of tools for cyberwarfare based on what works.”

Since the era of state-sponsored cyberwarfare starts, we have see lot of malware, actually dangerous ones. Flame virus was perhaps the greatest cyber weapon discovery. Designed to gather private data from the targeted computer systems in Iran and other Middle East countries, Flame is much more sophisticated than the two previously discovered cyber weapons known as Duqu and Stuxnet. Later, researchers discovered that Flame and Stuxnet malware were parallel projects.

Reportedly, the developers of deadly programs likely collaborated with one another during their development, to the extent that they even used the same source code. The revelation will no doubt lead conspiracy theorists to point the finger of blame at the United States and Israeli governments, which have already been accused of launching Stuxnet at Iran as part of a cyberattack to undermine its suspected nuclear weapons program.


A message from John Furrier, co-founder of SiliconANGLE:

Your vote of support is important to us and it helps us keep the content FREE.

One click below supports our mission to provide free, deep, and relevant content.  

Join our community on YouTube

Join the community that includes more than 15,000 #CubeAlumni experts, including Amazon.com CEO Andy Jassy, Dell Technologies founder and CEO Michael Dell, Intel CEO Pat Gelsinger, and many more luminaries and experts.

“TheCUBE is an important partner to the industry. You guys really are a part of our events and we really appreciate you coming and I know people appreciate the content you create as well” – Andy Jassy

THANK YOU