NEWS FROM THE LAB - Friday, August 10, 2012

Gauss: the Latest Event in the Olympic Games
Posted by Sean @ 15:26 GMT

The folks at Kaspersky Lab unveiled their latest "nation state sponsored" discovery yesterday, and they call it… Gauss. It is so named because its "modules have internal names which appear to pay tribute to famous mathematicians and philosophers, such as Kurt Godel, Johann Carl Friedrich Gauss and Joseph-Louis Lagrange."

Gauss was discovered during the "Flame" investigation, which itself has connections to Stuxnet — which in turn was part of a U.S. espionage project code-named "Olympic Games".


Here are some additional things of interest regarding Gauss.

According to the analysis, Gauss targets several Lebanese banks and monitors transactions (as a banking trojan would).

That's quite something when considered in the context of this Wall Street Journal story from April:

U.S. Probes Lebanon Banking Deals

Here's another notable detail: Gauss will not install itself if antivirus software is present.

Also, Gauss doesn't like Windows 7 SP 1.

Gauss exits if Antivirus is found.
Source: Kaspersky Lab [PDF]

Then there's this little nugget:

Gauss Traffic Encryption, ACDC
Source: Kaspersky Lab


That caught Mikko's attention.

Finally, given how the Olympic Games story has evolved, it makes "paranoid"-minded folks such as us read this August 6th story from the Wall Street Journal about Standard Chartered bank allegedly laundering $250 billion worth of Iranian funds in a whole new light…

N.Y. Regulator Accuses Standard Chartered of Illegal Transfers

Wired's Kim Zetter has a good summary of Kaspersky's findings: Flame and Stuxnet Cousin Targets Lebanese Bank Customers, Carries Mysterious Payload.