March 21, 2013
Gauss Aimed at Iranian Banking System?
Money in an Iranian bank? Might be safer in Cyprus.
Gauss. A novel scheme encrypting one of its main engines has so far defied attempts to crack it, generating intrigue and raising speculation that it may deliver a warhead that's more destructive than anything the world has seen before. Just sayin'.....
Gauss has the ability to steal funds and monitor data from clients of several Lebanese banks, making it the first publicly known nation-state sponsored banking trojan. It's also programmed to collect a dizzying array of information about the computers it infects—including its network connections, processes and folders, BIOS, CMOS, RAM, and both local and removable drives.
But the most intriguing characteristic of Gauss is an encrypted payload that has so far remained undeciphered, despite the best efforts of cryptographers who have already tried millions of possible keys.
"Given how careful the attackers were to make sure the Gauss payload doesn't fall into the 'wrong' hands, we can assume it is very special."