Gauss: Researchers release detection tools

STOYAN NENOV/REUTERS - Researchers have released Web-based tools to let anyone check if they have been affected by malware known as Gauss.

After announcing the discovery of a new malicious software that targets financial data, researchers have created new, Web-based tools that let anyone check if they’ve been infected.

The new malware, Gauss, shows ties to previous state-sponsored viruses Flame and Stuxnet, but targets financial data. Those viruses were aimed at computers tied to Iran’s nuclear program; Gauss is primarily found in Lebanon.

More tech stories

Consumers could face big changes from net neutrality rules

Consumers could face big changes from net neutrality rules

New rules proposed by the government could change how consumers experience media online.

Because shark bites are the worst

A man explains the clever wet suits he designed to deter shark attacks.

Our absurd shortage of traffic lights

Our absurd shortage of traffic lights

Our world’s roads are far too chaotic, and more traffic lights could easily fix that.

Two groups — Russian-based Kaspersky Labs, which first published information on Gauss and Flame, and the Hungarian research lab Crysys — are detecting the malware by looking for a font that shows up on infected machines called Palida Narrow.

Roel Schouwenberg, senior researcher at Kaspersky Labs, said that researchers still don’t know why Gauss’s creators included the font file.

He said there has been some speculation that the font’s name could be a play on the words “Paladin Arrow,” a weapons reference that would hint at destructive capabilities. Thus far, Gauss appears to have only been used for surveillance, but there are parts of the virus’s code that may hide further capabilities.

Whatever the reason for the font file, Schouwenberg said, it is acting as a convenient infection marker.

“We checked the code, there’s nothing in there,” he said. “It’s strange that they would go to the extent of building a font file.”

Kaspersky Labs has found around 2,500 occurrences of Gauss, which has been circulating since the fall of 2011.

Related stories:

Newly discovered malware linked to Stuxnet, Flame

U.S., Israel developed Flame computer virus to slow Iranian nuclear efforts, officials say

Newly identified computer virus, used for spying, is 20 times size of Stuxnet

 
Read what others are saying