Petaling Jaya, August 16, 2012 - Kaspersky Lab recently announced the discovery of Gauss, a complex, nation-state sponsored cyber-espionage toolkit. Gauss contains many info-stealing capabilities, with a specific focus on browser passwords, online banking account credentials, and system configurations of infected machines. Kaspersky Lab’s experts discovered Gauss by identifying the commonalities the malicious program shares with Flame. Since late May 2012, more than 2,500 infections have been recorded by Kaspersky Lab’s cloud-based security system, with the majority of infections found in the Middle East.
Kaspersky Lab’s experts published a research paper about Gauss that analyzed its primary functions and characteristics, in addition to its architecture, the malware’s unique modules, communication methods, and its infection statistics. However, several mysteries and unanswered questions about Gauss still remain. One of the most intriguing aspects is related to Gauss’s encrypted payload.
“The purpose and functions of the encrypted payload currently remain a mystery,” said Aleks Gostev, Chief Security Expert, Global Research and Analysis Team, Kaspersky Lab. “The use of cryptography and the precautions the authors have used to hide this payload indicate its targets are high profile. The size of the payload is also a concern. It’s big enough to contain coding that could be used for cyber-sabotage, similar to Stuxnet’s SCADA code. Decrypting the payload will provide a better understanding of its overall objective and the nature of this threat.”
Kaspersky Lab would like to invite anyone with an interest in cryptography, reverse engineering or mathematics to help find the decryption keys and unlock the hidden payload. More details and a technical description of the problem are available in our blog post at Securelist.com.