Huffpost Technology

Gauss: Virus Like Stuxnet Found, Russian Security Firm Claims

Posted: Updated:

Security researchers on Thursday said they discovered a new computer virus that infected about 2,500 computers across the Middle East and appeared to target banks in Lebanon.

Researchers at Kaspersky Lab, a Russian security firm, said the virus began infecting computers last September, but they did not discover it until two months ago. The servers that controlled it stopped working in July, they said.

The malicious software -- nicknamed "Gauss" -- shared similarities with three other viruses that have been found in the region since 2009, the researchers said in a blog post.

After analyzing its code, they concluded there "was some form of collaboration" between the unknown hackers behind Gauss and the creators of Stuxnet, a cyber weapon found in 2009 that damaged Iran's nuclear program.

The United States, along with Israel, launched Stuxnet as part of a series of covert cyber attacks against Iran that began during the Bush administration, according to a report earlier this year in The New York Times.

But Gauss' mission was different, the researchers said. While Stuxnet targeted Iran's nuclear facility, Gauss appeared to target banks in Lebanon, as well as users of Citibank and PayPal, they said.

The malware -- which they said was designed for "stealth and secrecy" -- appeared to have stolen online banking credentials from a variety of sources, including social networks, emails and instant messages.

Gauss was also likely created by the same hackers who built another piece of malware called "Flame" because the two viruses shared similar code, according to Kasperksy Lab. Flame infected hundreds of computers across the Middle East, stealing victims' data and spying on their online activities.

Flame monitored computer users by taking screenshots of their email or Instant Messenger conversations, recording their audio conversations from an internal microphone or through Skype, and using Bluetooth technology to steal data on devices located near the infected computer.

But while Flame infected only 700 computers, mostly located in Iran, Gauss infected about 2,500 machines, with more than half in Lebanon. The researchers estimated the total number of victims from computers by Gauss could be "tens of thousands."

The researchers said the virus appeared to have been created at the direction of a foreign government because of its sophistication, though they did not specify which one.

The virus earned its moniker because the hackers named part of its code after German mathematician Johann Carl Friedrich Gauss, according to the blog post.

Earlier on HuffPost:

Suggest a correction

Around the Web

'Gauss' Virus Related to Flame, Stuxnet, Kaspersky Says | Ping! Zine

Stuxnet, Flame...Gauss: New spy virus found in Middle East — RT ...

Stuxnet-like virus discovered in Israel,... JPost - National News

Virus found in Mideast can spy on finance transactions | Reuters

Gauss: State-sponsored cyberweapon targets bank accounts - Aug ...

Gauss: The Latest Cyber Weapon in the Stuxnet, Duqu and Flame ...

From Our Partners