Gauss Malware Proves Too Tough For Kaspersky To Crack
Fancy a go at cracking some malware codes? If you think you have what it takes, Kaspersky might just be interested to hear from you.
You might recall the web security firm’s announcement last week that it had stumbled across yet another piece of malicious code that’s infecting computers in the Middle East. Nicknamed ‘Gauss’, Kaspersky said that the malware appears to have been designed to steal personal information such as credit card details. But while the objective of Gauss is nothing new, the malware’s level of protection apparently is. Those looking to crack the code have revealed that Gauss is encrypted with a module known as Godel that has so far proven impossible to break.
At their wits’ end, Kaspersky are now seeking outside help, asking anyone with skills in mathematics and cryptology to team up and help them solve Gauss’s mystery and crack its hidden payload.
“We are presenting all the available information about the payload in the hope that someone can find a solution and unlock its secrets,” the company said in a statement on its website.
Gauss is similar to the earlier malware Flame and Stuxnet, which have infected thousands of computers in Iran, in that it is able to exploit a vulnerability in USB thumb drives to infect them and transfer itself from computer to computer.
Kaspersky revealed that two files have been found on infected USB sticks, both of which are encrypted:
“These files are loaded from infected drives using the well-known LNK exploit introduced by Stuxnet. Their primary goal is to extract a lot of information about the victim system and write it back to a file on the drive named ‘.thumbs.db’.”
Researchers said that they’d attempted to crack the code using a brute force attack, trying out millions of different combinations without success.
To assist those who want to lend a helping hand, Kaspersky is providing 32 bytes of encrypted data from the virus, together with hashes from known variants of the Godel module.
The encryption is not the only thing about Gauss that is giving researchers headaches. Another mystery is the malware’s link to a new font called Palida Narrow, which automatically installs itself on any computer that is infected with the virus. Researchers are uncertain about the purpose of the new font, although some have speculated that it could be a kind of ‘marker’ which allows attackers to confirm that the malware has been installed on a machine.
The font does have one use, however. The Hungarian security firm CrySyS Lab says that the presence of Palida Narrow can be detected remotely, and this has allowed them to come up with a detection tool for internet users who are worried that their computer might be infected with Gauss.