It was only a matter of time before some cyber surveillance team would finally stumble upon a virus this hard to crack. Kaspersky Lab says financial transactions, email and social networking are spied on by a virus called Gauss.
Although Kaspersky Lab says the virus that spies on financial transactions has only been identified in the Middle East, that’s no reason to sit at ease. Experts say the Gauss virus comes from the same laboratories that created Stuxnet, the virus thought to have been used by the United States and Israel to shut down Iran’s nuclear facilities.
Kaspersky also linked the high-end cyber-espionage viruses Flame and Duqu to the virus currently infecting computers in the Middle East. “After looking at Stuxnet, Duqu and Flame, we can say with a high degree of certainty that Gauss comes from the same ‘factory’ or ‘factories’,” reads Kaspersky Lab’s report.
Security experts with Kaspersky noticed that the virus that spies on financial transactions carries one module labeled Godel, with an attack similar to Stuxnet. Roel Schouwenberg, senior researcher with the security firm, believes Godel carries in its code a “warhead” very similar to Stuxnet.
“All these attack toolkits represent the high end of nation-state-sponsored cyber-espionage and cyber war operations,” said Kaspersky Lab on its website. For now, computers in Lebanon, Israel and the Palestinian Territories have been infected.
The Gauss virus is able to spy on financial transactions as well as email and social networking activity. The Middle East virus steals passwords, among other data, and uses them to access systems and send information that gives access to banking systems. The Gauss virus is also able to steal users’ social network login IDs, as well as their IM and email account credentials.
The virus that spies on financial transactions in the Middle East contains several modules that experts with Kaspersky believe are named in honor of great philosophers and mathematicians. Two of the modules are named after Kurt Godel and Joseph-Louis Lagrange, but Gauss (after Johann Carl Friedrich Gauss) seems to be the most important.
Kaspersky experts are still trying to break the code in the Gauss virus. Schouwenberg believes the Gauss virus creators put a lot of effort into hiding the real purpose of the virus. But he says a virus like Gauss could easily attack and damage critical infrastructure.