Gauss virus hits online banking

Online security firms are investigating a new cyber-threat believed to be targeting users in the Middle East.

Security firm Kaspersky Lab says the malware, dubbed “Gauss”, is “a complex, nation-state sponsored cyber-espionage toolkit designed to steal sensitive data, with a specific focus on browser passwords, online banking account credentials, cookies, and specific configurations of infected machines.”

Kaspersky Lab discovered the malware last week. It says the online banking Trojan functionality in Gauss is a unique characteristic that has not been seen in previously known cyber-weapons.

“It is not known whether the operators are actually transferring funds from the victim’s bank accounts or whether they are simply monitoring finance/funding sources for specific targets,” said a statement on Kaspersky Lab’s website.

Since late May 2012, Kaspersky Lab’s cloud-based security system has recorded more than 2,500 infections, and the estimated total number of Gauss victims is probably in the tens of thousands. The vast majority of Gauss victims are located in Lebanon. There are also victims in Israel and Palestine. In the United States, 43 infections have been noted as of August 9, 2012. A few victims in the UAE, Qatar, Jordan, Germany and Egypt have also been identified.

Analysts say that the Gauss malware has similarities with other cyber-threats including Stuxnet, Duqu and Flame. Gauss, like Stuxnet and Flame, can infect USB thumb drives, meaning no Internet connection is necessary to propagate the virus. They believe Gauss was probably created in mid-2011 and deployed for the first time in August-September 2011. In July 2012 the command and control servers of Gauss stopped functioning.