back to article Middle Eastern Gauss malware could be state sponsored

Security firms are investigating what looks to be another piece of state-sponsored malware, which has been targeting banks in the Middle East and distributing an unknown payload. Dubbed Gauss by Kaspersky Labs, the malware first seemed to be a module of the highly sophisticated Flame virus but has now been recognized as a …

COMMENTS

This topic is closed for new posts.
Anonymous Coward

Does make you wonder.

Why Microsoft got let off the hook.

5
5
Boffin

Re: Does make you wonder.

Makes me wonder about Kaspersky. Since Stuxnet code is now available for anyone to co-opt, how does seeing something new in the wild which uses parts of that code implicate the original authors?

0
0
Anonymous Coward

Re: Does make you wonder.

How they found out about HSBC money laundering or Standard and Chartered helping move Iranian money.

Where does the finger point?

0
0
Bronze badge
WTF?

don't dare

I'd shoot (at least beat up) those blasphemous smart asses, who have the impudence to use the great names.

C.F. Gauß (Princeps Mathematicorum), P. S. Lagrange, K.F. Gödel. When Apple got their "Newton", it was obnoxious, as was naming the kernel Darwin.

And BTW, it's Taylor, not Tailor as in "Taylor Series", idiots.

1
1
P_0

Re: don't dare

"C.F. Gauß (Princeps Mathematicorum) , P. S. Lagrange, K.F. Göde...l"

...Milligan, Cleeves, Everett, Sessions.

1
0
Bronze badge

Re: don't dare

What did you want to say by that?

0
0
Linux

proactive response

One of the banks listed was Blom Bank and they seemed to have taken a proactive response to the threat. First off, as a preventive measure, they have OTPs sent to mobile phones. Secondly, they added a detection script to their internet banking site that checks for the Palida font, as was described by Kaspersky as one way to distinguish if you were infected, and shows a warning to users. It seems it brought on results.

At least it's nice to see that there is some positive response. But nice touch on that Palida font strategy for the malware makers.

1
0
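The kind of check described in the comment above, sketched as an added example; it is not part of the original thread and not the bank's or Kaspersky's actual script. It assumes the common width-comparison technique for detecting an installed font, and every function name, the sample string and the fake measurer are hypothetical.

```javascript
// Added example; only the font name "Palida Narrow" comes from the thread.
const FALLBACKS = ["monospace", "serif", "sans-serif"];
const SAMPLE = "mmmmmmmmmmlli10OQ"; // mix of wide and narrow glyphs
const SIZE = "72px";                // large size makes width differences obvious

// Browser measurer: rendered width of `text` for a CSS font shorthand.
function canvasMeasure(fontSpec, text) {
  const ctx = document.createElement("canvas").getContext("2d");
  ctx.font = fontSpec;
  return ctx.measureText(text).width;
}

// True when asking for `family` changes the rendered width against at least
// one generic fallback, i.e. a font with that name is installed locally.
function isFontInstalled(family, measure = canvasMeasure) {
  if (!/^[A-Za-z0-9 _-]+$/.test(family)) {
    throw new Error("unexpected character in font family name");
  }
  return FALLBACKS.some((fallback) => {
    const base = measure(`${SIZE} ${fallback}`, SAMPLE);
    const probe = measure(`${SIZE} "${family}", ${fallback}`, SAMPLE);
    return probe !== base;
  });
}

// Text for the page to display, or null when the indicator is absent.
function gaussFontWarning(measure = canvasMeasure) {
  return isFontInstalled("Palida Narrow", measure)
    ? "A font associated with the Gauss malware is installed on this computer."
    : null;
}

// Constructed stand-in for a browser so the logic runs under Node: resolves a
// font list the way a browser would, using made-up widths.
function makeFakeMeasure(installedFonts) {
  const generic = { monospace: 734, serif: 812, "sans-serif": 790 };
  return (fontSpec) => {
    const families = fontSpec.replace(/^\S+\s+/, "").split(",")
      .map((name) => name.trim().replace(/"/g, ""));
    const used = families.find((f) => f in generic || installedFonts.includes(f));
    return used in generic ? generic[used] : 655;
  };
}
```

A hit only shows that a font with that name is installed; the font can be planted on a clean machine or removed from an infected one, so the result is an indicator, not proof either way.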
Anonymous Coward

Re: proactive response

Puzzling, but perhaps it was a relatively unobtrusive yet reliable way for the bad guys to remotely detect a successful infection via a browser and a bit of JavaScript.

Regardless, the cat is out of the bag now and the reliability of that method has diminished significantly.

0
0
Anonymous Coward

Installing a font...

...is perhaps better than creating a discreetly positioned text file.

I'll have to remember this.

0
0
Trollface

Wouldn't it be funny...

...if they decided to use a secure OS rather than that Windwoes shite. I can just see the malware writers tearing their hair out!

0
2
Silver badge

Re: Wouldn't it be funny...

The specific exploit that this uses, according to Kaspersky, is this one: Link

Note the date. This was patched in August 2010. What exactly is the solution to people who don't keep their software up to date?

1
0
Bronze badge
Holmes

Palida Narrow?

It puzzles me as to why one would want to install some font as an infection payload. This site:

http://blog.crysys.hu/2012/08/on-the-palida-narrow-mystery-of-gauss-malware-and-possible-remote-detection/

has some ideas. But for now, if we want to mess with people's heads, where can we obtain a copy of Palida Narrow? I suppose I could rename a copy of Lucida Bright Narrow*.

Get this on enough (uninfected) systems and pretty soon the significance of having it will be compromised.

Better yet, rename Dingbats. Then it will be obvious which web sites' CSS specify it and might be up to no good.

0
0
Silver badge

Re: Palida Narrow?

"Get this on enough (uninfected) systems and pretty soon the significance of having it will be compromised."

I am failing to see why you would want to assist the spread of malware.

0
0