08.09.12
Gauss
Are you tired of the child-like nerd’s naming convention for computer viruses?
Yeah, me too. Years and years of it.
On the Gauss virus, from SecurityNewsDaily (me included):
Kaspersky Lab, the Moscow-based anti-virus firm which co-discovered the Flame state-sponsored spyware, says it’s found another cyberweapon: a sophisticated banking Trojan that Kaspersky has dubbed “Gauss.”
Gauss is designed to steal credentials for bank accounts at half a dozen Lebanese banks, Kaspersky says, and shares a USB-stick infection method with another state-sponsored bug — the Stuxnet worm that the U.S. and Israel used to attack Iran.
“After looking at Stuxnet, [the Stuxnet relative] Duqu and Flame, we can say with a high degree of certainty that Gauss comes from the same ‘factory’ or ‘factories,’” Kaspersky said in a FAQ posted on its website. “All these attack toolkits represent the high end of nation-state sponsored cyber-espionage and cyberwar operations, pretty much defining the meaning of ‘sophisticated malware.’”
It’s not entirely clear that Gauss is indeed state-sponsored. The evidence that Kaspersky presents proves that Gauss is fairly sophisticated, yet not out of the reach of the creators of such well-known criminal-controlled banking Trojans …
“Differences in degree of sophistication are probably not particularly important at this stage,” George Smith, a senior fellow with the Alexandria, Va.-based defense-policy research organization GlobalSecurity.org, told SecurityNewsDaily. “[Gauss] looks like it’s fitting into the historical pattern. Just because the malware writers are working for a country doesn’t make them different than their older brethren” …
“Maybe it’s a criminal tool,” Smith said. “However, the national arguments about cyberwar have always talked about opposing nations hitting banking and financial systems. So it is not really a surprise they would be making things to do the same.”
In addition to the Lebanese banks, Gauss is also engineered to steal online credentials for Citibank and PayPal …
The US government has put in place sanctions proscribing banks from doing business for Iran. Using cyberspace to hit Middle Eastern banks clandestinely would conceptually fit into such a strategy.
Or maybe it’s all just coincidence.
If you follow these stories at a more fine-grained level you’re now seeing a resentment, perhaps fueled by a covetous envy, towards Kaspersky Lab among competing vendors and experts.
Related, earlier today…
O hai! I can haz the air-conditionin’ saved from haxOring please? — ex NSA lawyer guy tinyurl.com/9ba9tzr
@vmyths twitter.com/DickDestiny/st…— DickDestiny (@DickDestiny) August 9, 2012
Chuck said,
August 9, 2012 at 8:32 pm
Teh stupid seems to be invading our professional technical ranks, as well:
http://spectrum.ieee.org/computing/software/did-bill-gates-steal-the-heart-of-dos/
As a long-time (ca. 40 years) member of IEEE, I felt embarrassed that this tripe was ever printed in the flagship publication of the Institute.
George Smith said,
August 10, 2012 at 8:48 am
Wow, he really tweezed that out as an advertisement for his service. Boy, it’s been decades. I remember reading that old Pernoulle legend in some book I threw out years ago, maybe Cringely’s.