Does make you wonder.
Why Microsoft got let off the hook.
Security firms are investigating what looks to be another piece of state-sponsored malware, which has been targeting banks in the Middle East and distributing an unknown payload. Dubbed Gauss by Kaspersky Labs, the malware first seemed to be a module of the highly sophisticated Flame virus but has now been recognized as a …
I'd shoot (at least beat up) those blasphemous smart asses, who have the impudence to use the great names.
C.F. Gauß (Princeps Mathematicorum), P. S. Lagrange, K.F. Gödel. When Apple got their "Newton", it was obnoxious, as was naming the kernel Darwin.
And BTW, it's Taylor, not Tailor as in "Taylor Series", idiots.
One of the banks listed was Blom Bank and they seemed to have taken a proactive response to the threat. First off, as a preventive measure, they have OTPs sent to mobile phones. Secondly, they added a detection script to their internet banking site that checks for the Palida font, as was described by Kaspersky as one way to distinguish if you were infected, and shows a warning to users. It seems it brought on results.
At least it's nice to see that there is some positive response. But nice touch on that Palida font strategy for the malware makers.
Puzzling, but perhaps it was a relatively unobtrusive yet reliable way for the bad guys to remotely detect a successful infection via a browser and a bit of JavaScript.
Regardless, the cat is out of the bag now and the reliability of that method has diminished significantly.
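The kind of page-side check described in the comments above (a script that tests for Palida Narrow so the site can warn the user), as an added example that is not taken from the thread or from any bank's site. The width-comparison technique, the function names and the injectable `measure` parameter are assumptions; the fake renderer and its widths are constructed so the logic also runs outside a browser.

```javascript
// Added example: probe for an installed font by comparing rendered text widths.
const GENERIC_FALLBACKS = ["monospace", "serif", "sans-serif"];
const PROBE_TEXT = "mmmmmmmmmmlli"; // wide and narrow glyphs exaggerate differences

// Browser measurement using an off-screen canvas (only called in a browser).
function canvasMeasure(text, fontFamily) {
  const ctx = document.createElement("canvas").getContext("2d");
  ctx.font = `72px ${fontFamily}`;
  return ctx.measureText(text).width;
}

// If the named font is missing, the browser silently renders the generic
// fallback, so the width equals the baseline for every fallback tried.
// Any difference means a font with that name was found on the system.
function isFontInstalled(fontName, measure = canvasMeasure) {
  return GENERIC_FALLBACKS.some((fallback) => {
    const baseline = measure(PROBE_TEXT, fallback);
    const probed = measure(PROBE_TEXT, `"${fontName}", ${fallback}`);
    return probed !== baseline;
  });
}

// The result is an indicator, not proof: any font carrying this name triggers
// it, and a font that happened to match all fallback widths would be missed.
function warningFor(measure) {
  return isFontInstalled("Palida Narrow", measure)
    ? "Palida Narrow is installed: this machine may be infected with Gauss."
    : null;
}

// Constructed stand-in for a renderer: resolves a font-family list the way a
// browser would, using made-up widths for each family.
function makeFakeRenderer(installedFonts) {
  const widths = { monospace: 560, serif: 610, "sans-serif": 640 }; // constructed
  return (text, fontFamily) => {
    const families = fontFamily.split(",").map((f) => f.trim().replace(/"/g, ""));
    for (const f of families) {
      if (f in widths) return widths[f];
      if (installedFonts.includes(f)) return 430; // constructed width
    }
    return widths.serif;
  };
}
```

In a page, `warningFor(canvasMeasure)` returns the message to display, or `null` when the font is absent.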
It puzzles me as to why one would want to install some font as an infection payload. This site:
http://blog.crysys.hu/2012/08/on-the-palida-narrow-mystery-of-gauss-malware-and-possible-remote-detection/
has some ideas. But for now, if we want to mess with people's heads, where can we obtain a copy of Palida Narrow? I suppose I could rename a copy of Lucida Bright Narrow*.
Get this on enough (uninfected) systems and pretty soon the significance of having it will be compromised.
Better yet, rename Dingbats. Then it will be obvious which web sites' CSS specify it and might be up to no good.