Stuxnet. Duqu. Flame. To the list of weaponized viruses being discovered in computers across the Middle East that look like state-sponsored cyberweapons, we can now add a newcomer: Gauss. Reported last night by Russian security firm Kaspersky, Gauss seems to represent an attack on a new front, targeting finances rather than the infrastructure assets assaulted by previous viruses.
Security experts suspect that Gauss has been operating in the wild since September of last year. They’ve found traces of infections in more than 2,500 computers so far, the vast majority of which have been at banks in Lebanon, Israel, and the Palestinian territories. It’s worth noting that the 2,500 number is a low estimate of Gauss’ actual range — Kaspersky can only find infections on systems using Kaspersky Labs software. Coupled with the fact that security aficionados are still unclear on exactly how the virus spreads, that means real infection rates could be dramatically higher.
Rather than the eye-popping feats of a virus like Stuxnet, which could manipulate oil pipelines and nuclear reactors in the real world, Gauss plays a more subtle game — one that’s more akin to traditional hackery. After infiltrating bank systems, it intercepts and tracks data regarding money movements. Researchers suspect the virus could also be used to drain funds and freeze accounts, making it a convenient and effective tool to hamper the economic efficiency of a target. A target like, wild shot in the dark here, Iran, which, it’s a safe bet, is doing business with Lebanese banks through its support for the Lebanese arm of Hezbollah.
Gauss has been offline since last month — when security experts zeroed in on the program and began studying it, its command servers went offline. That’s similar to, but less serious than, the reaction of another program, Flame, which received and executed a “kill command” once it was uncovered in May of this year, erasing itself from infected systems.
Just who is behind Gauss and programs like it is still unclear, but suspicion has fallen heavily on a joint operation between U.S. and Israeli military and intelligence services. And when you’re talking about a program that looks to heavily target banks with links to Iranian-linked Hezbollah, there are certainly worse educated guesses.