The Washington Post

Gauss: Researchers release detection tools


Researchers have released Web-based tools to let anyone check if they have been affected by malware known as Gauss. (STOYAN NENOV/REUTERS)

After announcing the discovery of a new malicious software that targets financial data, researchers have created new, Web-based tools that let anyone check if they’ve been infected.

The new malware, Gauss, shows ties to previous state-sponsored viruses Flame and Stuxnet, but targets financial data. Those viruses were aimed at computers tied to Iran’s nuclear program; Gauss is primarily found in Lebanon.

Two groups — Russian-based Kaspersky Labs, which first published information on Gauss and Flame, and the Hungarian research lab Crysys — are detecting the malware by looking for a font that shows up on infected machines called Palida Narrow.

Roel Schouwenberg, senior researcher at Kaspersky Labs, said that researchers still don’t know why Gauss’s creators included the font file.

He said there has been some speculation that the font’s name could be a play on the words “Paladin Arrow,” a weapons reference that would hint at destructive capabilities. Thus far, Gauss appears to have only been used for surveillance, but there are parts of the virus’s code that may hide further capabilities.

Whatever the reason for the font file, Schouwenberg said, it is acting as a convenient infection marker.

“We checked the code, there’s nothing in there,” he said. “It’s strange that they would go to the extent of building a font file.”

Kaspersky Labs has found around 2,500 occurrences of Gauss, which has been circulating since the fall of 2011.

Related stories:

Newly discovered malware linked to Stuxnet, Flame

U.S., Israel developed Flame computer virus to slow Iranian nuclear efforts, officials say

Newly identified computer virus, used for spying, is 20 times size of Stuxnet

Comments
Show Comments
0 Comments
Washington Post Subscriptions

Get 2 months of digital access to The Washington Post for just 99¢.

A limited time offer for Apple Pay users.

Buy with
Cancel anytime

$9.99/month after the two month trial period. Sales tax may apply.
By subscribing you agree to our Terms of Service, Digital Products Terms of Sale & Privacy Policy.

Get 2 months of digital access to The Washington Post for just 99¢.

Most Read
DJIA -0.03%
NASDAQ 0.48%
Last Update: 01/17/2017(DJIA&NASDAQ)

business

technology

Success! Check your inbox for details.

See all newsletters

Close video player
Now Playing
Read content from allstate
Content from Allstate This content is paid for by an advertiser and published by WP BrandStudio. The Washington Post newsroom was not involved in the creation of this content. Learn more about WP BrandStudio.
We went to the source. Here’s what matters to millennials.
A state-by-state look at where Generation Y stands on the big issues.