Middle Eastern Gauss malware could be state sponsored
Security firms are investigating what looks to be another piece of state-sponsored malware, which has been targeting banks in the Middle East and distributing an unknown payload. Dubbed Gauss by Kaspersky Labs, the malware first seemed to be a module of the highly sophisticated Flame virus but has now been recognized as a …
Re: Does make you wonder.
Makes me wonder about Kaspersky. Since Stuxnet code is now available for anyone to co-opt, how does seeing something new in the wild which uses parts of that code implicate the original authors?
Re: Does make you wonder.
How they found out about HSBC money laundering or Standard and Chartered helping move Iranian money.
Where does the finger point?
don't dare
I'd shoot (at least beat up) those blasphemous smart asses, who have the impudence to use the great names.
C.F. Gauß (Princeps Mathematicorum), P. S. Lagrange, K.F. Gödel. When Apple got their "Newton", it was obnoxious, as was naming the kernel Darwin.
And BTW, it's Taylor, not Tailor as in "Taylor Series", idiots.
Re: don't dare
"C.F. Gauß (Princeps Mathematicorum) , P. S. Lagrange, K.F. Göde...l"
...Milligan, Cleeves, Everett, Sessions.
proactive response
One of the banks listed was Blom Bank and they seemed to have taken a proactive response to the threat. First off, as a preventive measure, they have OTPs sent to mobile phones. Secondly, they added a detection script to their internet banking site that checks for the Palida font, as was described by Kaspersky as one way to distinguish if you were infected, and shows a warning to users. It seems it brought on results.
At least it's nice to see that there is some positive response. But nice touch on that palida font strategy for the malware makers.
Re: proactive response
Puzzling, but perhaps it was a relatively unobtrusive yet reliable way for the bad guys to remotely detect a successful infection via a browser and a bit of JavaScript.
Regardless, the cat is out of the bag now and the reliability of that method has diminished significantly.
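The browser-side check described in the two comments above, written out as an added example (not Blom Bank's script or Kaspersky's code): a site tests whether the "Palida Narrow" marker font is installed by rendering a probe string with and without the named font and comparing widths, since a missing font silently falls back and produces identical metrics. `measureInDom`, `isFontInstalled` and `checkGaussMarker` are names chosen here; the `measure` parameter is injectable so the logic can also be exercised outside a browser.

```javascript
// Added example, not code from the original thread or from any bank.
// Detects an installed font by comparing rendered text widths against
// generic fallback families. If the named font is absent, the browser
// substitutes the fallback and the two widths are identical.
const PROBE_TEXT = "mmmmmmmmmmlli"; // wide and narrow glyphs amplify metric differences
const FALLBACKS = ["monospace", "serif", "sans-serif"];

// Browser measurement: render PROBE_TEXT off-screen in a hidden span with
// the given font stack and return its pixel width (offsetWidth).
function measureInDom(fontFamily) {
  const span = document.createElement("span");
  span.style.cssText =
    "position:absolute;left:-9999px;font-size:72px;white-space:nowrap";
  span.style.fontFamily = fontFamily;
  span.textContent = PROBE_TEXT;
  document.body.appendChild(span);
  const width = span.offsetWidth;
  document.body.removeChild(span);
  return width;
}

// Core check. `measure(fontFamily)` returns the rendered width of PROBE_TEXT.
// The font is judged installed if it changes the width relative to at least
// one fallback; an absent font never does, because every stack then renders
// in the fallback itself. Using three fallbacks guards against the rare case
// where the real font happens to share metrics with one of them.
function isFontInstalled(fontName, measure) {
  return FALLBACKS.some((fallback) => {
    const withFont = measure(`"${fontName}", ${fallback}`);
    const fallbackOnly = measure(fallback);
    return withFont !== fallbackOnly;
  });
}

// Defender-side use: the Gauss marker font reported by Kaspersky.
function checkGaussMarker(measure = measureInDom) {
  return isFontInstalled("Palida Narrow", measure);
}

// Only run the DOM path when a document exists (i.e. in a browser page).
if (typeof document !== "undefined" && checkGaussMarker()) {
  console.warn("Palida Narrow is installed: this system may be infected with Gauss.");
}
```

Because the check keys on font metrics rather than on a file path, it needs no plugin or download; the caveat raised in the reply above still applies, since anyone can install a font of that name and trigger the warning.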
Installing a font...
...is perhaps better than creating a discretely positioned text file.
I'll have to remember this.
Wouldn't it be funny...
...if they decided to use a secure OS rather than that Windwoes shite. I can just see the malware writers tearing their hair out!
Re: Wouldn't it be funny...
The specific exploit that this uses, according to Kaspersky, is this one: Link
Note the date. This was patched in August 2010. What exactly is the solution to people who don't keep their software up to date?
Palida Narrow?
It puzzles me as to why one would want to install some font as an infection payload. This site:
http://blog.crysys.hu/2012/08/on-the-palida-narrow-mystery-of-gauss-malware-and-possible-remote-detection/
has some ideas. But for now, if we want to mess with people's heads, where can we obtain a copy of Palida Narrow? I suppose I could rename a copy of Lucida Bright Narrow*.
Get this on enough (uninfected) systems and pretty soon the significance of having it will be compromised.
Better yet, rename Dingbats. Then it will be obvious which web sites' CSS specify it and might be up to no good.
Re: Palida Narrow?
"Get this on enough (uninfected) systems and pretty soon the significance of having it will be compromised."
I am failing to see why you would want to assist the spread of malware.