Middle Eastern Gauss malware could be state sponsored

Security firms are investigating what looks to be another piece of state-sponsored malware, which has been targeting banks in the Middle East and distributing an unknown payload. Dubbed Gauss by Kaspersky Labs, the malware first seemed to be a module of the highly sophisticated Flame virus but has now been recognized as a …

COMMENTS

This topic is closed for new posts.
  1. Anonymous Coward

    Does make you wonder.

    Why Microsoft got let off the hook.

    1. The Man Who Fell To Earth Silver badge
      Boffin

      Re: Does make you wonder.

      Makes me wonder about Kaspersky. Since Stuxnet code is now available for anyone to co-opt, how does seeing something new in the wild which uses parts of that code implicate the original authors?

    2. Anonymous Coward

      Re: Does make you wonder.

      How they found out about HSBC money laundering or Standard and Chartered helping move Iranian money.

      Where does the finger point?

  2. eulampios
    WTF?

    don't dare

    I'd shoot (at least beat up) those blasphemous smart asses, who have the impudence to use the great names.

    C.F. Gauß (Princeps Mathematicorum), P. S. Lagrange, K.F. Gödel. When Apple got their "Newton", it was obnoxious, as was naming the kernel Darwin.

    And BTW, it's Taylor, not Tailor as in "Taylor Series", idiots.

    1. P_0

      Re: don't dare

      "C.F. Gauß (Princeps Mathematicorum) , P. S. Lagrange, K.F. Göde...l"

      ...Milligan, Cleeves, Everett, Sessions.

      1. eulampios

        Re: don't dare

        What did you want to say by that?

  3. George 20
    Linux

    proactive response

    One of the banks listed was Blom Bank and they seemed to have taken a proactive response to the threat. First off, as a preventive measure, they have OTPs sent to mobile phones. Secondly, they added a detection script to their internet banking site that checks for the Palida font, as was described by Kaspersky as one way to distinguish if you were infected, and shows a warning to users. It seems it brought on results.

    At least it's nice to see that there is some positive response. But nice touch on that Palida font strategy for the malware makers.

    1. Anonymous Coward

      Re: proactive response

      Puzzling, but perhaps it was a relatively unobtrusive yet reliable way for the bad guys to remotely detect a successful infection via a browser and a bit of JavaScript.

      Regardless, the cat is out of the bag now and the reliability of that method has diminished significantly.
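
The kind of font check George 20's comment describes can be done by comparing rendered text widths; the sketch below is an added example, not Blom Bank's or Kaspersky's script. The names `isFontInstalled`, `canvasMeasurer`, `gaussFontWarning` and `stubMeasurer`, the probe string and the stub widths are assumptions made for illustration.

```javascript
// Added example: width-comparison check for an installed font.
// measure(fontFamily) is a hypothetical hook that returns the rendered width
// of PROBE_TEXT for a CSS font-family list.
const PROBE_TEXT = "mmmmmmmmmmlliWW@#0123456789";
const BASELINES = ["monospace", "serif", "sans-serif"];

function isFontInstalled(fontName, measure) {
  // If the named font exists, the browser renders with it instead of the
  // generic fallback, so the width differs for at least one baseline.
  return BASELINES.some((base) => {
    const fallbackWidth = measure(base);
    const candidateWidth = measure(`'${fontName}', ${base}`);
    return candidateWidth !== fallbackWidth;
  });
}

// Browser-side measurer backed by a canvas 2D context.
function canvasMeasurer(doc) {
  const ctx = doc.createElement("canvas").getContext("2d");
  return (fontFamily) => {
    ctx.font = `72px ${fontFamily}`;
    return ctx.measureText(PROBE_TEXT).width;
  };
}

// Returns a warning string or null. A hit is an indicator only: as the
// thread notes, the font can also be present on an uninfected system.
function gaussFontWarning(measure) {
  return isFontInstalled("Palida Narrow", measure)
    ? "Palida Narrow is installed: this PC may be infected with Gauss."
    : null;
}

// Constructed stub so the check runs offline; the widths are made up.
function stubMeasurer(installedFonts) {
  const widths = { monospace: 1620, serif: 1290, "sans-serif": 1350, "Palida Narrow": 870 };
  return (fontFamily) => {
    const families = fontFamily.split(",").map((f) => f.trim().replace(/^'|'$/g, ""));
    const used = families.find((f) => BASELINES.includes(f) || installedFonts.includes(f));
    return widths[used];
  };
}

// In a page: const warning = gaussFontWarning(canvasMeasurer(document));
```
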

  4. Anonymous Coward

    Installing a font...

    ...is perhaps better than creating a discreetly positioned text file.

    I'll have to remember this.

  5. Big-nosed Pengie
    Trollface

    Wouldn't it be funny...

    ...if they decided to use a secure OS rather than that Windwoes shite. I can just see the malware writers tearing their hair out!

    1. h4rm0ny

      Re: Wouldn't it be funny...

      The specific exploit that this uses, according to Kaspersky, is this one: Link

      Note the date. This was patched in August 2010. What exactly is the solution to people who don't keep their software up to date?

  6. Paul Hovnanian Silver badge
    Holmes

    Palida Narrow?

    It puzzles me as to why one would want to install some font as an infection payload. This site:

    http://blog.crysys.hu/2012/08/on-the-palida-narrow-mystery-of-gauss-malware-and-possible-remote-detection/

    has some ideas. But for now, if we want to mess with people's heads, where can we obtain a copy of Palida Narrow? I suppose I could rename a copy of Lucida Bright Narrow*.

    Get this on enough (uninfected) systems and pretty soon the significance of having it will be compromised.

    Better yet, rename Dingbats. Then it will be obvious which web sites' CSS specify it and might be up to no good.

    1. h4rm0ny

      Re: Palida Narrow?

      "Get this on enough (uninfected) systems and pretty soon the significance of having it will be compromised."

      I am failing to see why you would want to assist the spread of malware.
