Friendly forums for passionate Dems!
More than 91 million posts since 2001
Home Latest Greatest Videos Forums Hide ads Join up!
Home Latest Greatest
Videos Forums Help
Hide ads Join up!
Latest Discussions»General Discussion»Nation-sponsored malware ...
Welcome to DU! The truly grassroots left-of-center political community where regular people, not algorithms, drive the discussions and set the standards. Join the community: Create a free account Support DU (and get rid of ads!): Become a Star Member Latest Breaking News General Discussion The DU Lounge All Forums Issue Forums Culture Forums Alliance Forums Region Forums Support Forums Help & Search

General Discussion

Related: Editorials & Other Articles, Issue Forums, Alliance Forums, Region Forums

DainBramaged

(39,191 posts) Thu Aug 9, 2012, 04:34 PM Aug 2012

Nation-sponsored malware with Stuxnet ties has mystery warhead

Researchers have uncovered yet another state-sponsored computer espionage operation that uses state-of-the-art software to extract a wealth of sensitive data from thousands of machines located mostly in the Middle East.

"Gauss," as Kaspersky Lab researchers have dubbed the malware, was devised by the same "factory" or "factories" responsible for the Stuxnet worm used to disrupt Iran's nuclear program, as well as the Flame and Duqu Trojans. Some researchers say the latter two malware titles may have provided the reconnaissance needed for operations such as Stuxnet. Gauss is known to have infected 2,500 computers connected to Kaspersky's cloud-based security system, and researchers with the firm say tens of thousands of additional machines may also be affected. The highest concentration of attacks are found in Lebanon, followed by Israel and the Palestinian territories.

"The discovery of Gauss indicates that there are probably many other related cyber-espionage malware in operation," Kaspersky researchers wrote in a 48-page report published Thursday morning (a condensed blog post is here). "The current tensions in the Middle East are just signs of the intensity of these ongoing cyber-war and cyber-espionage campaigns."

Like Duqu, Gauss is highly modular, and it shares a "fair deal of code" with Flame. Its developers failed to remove debugging information before unleashing the malware, however, allowing researchers to uncover details about the computers used to develop the malware. A version developed in December and January, for instance, resided in the Windows directory c:\documents and settings\flamer\desktop\gauss_white_1, providing another clue it has close ties to Flame, which is also known as Flamer and didn't come to light until May. Gauss and Flame also share a similar command and control infrastructure, code references, and encryption subroutines. Gauss, which appears to be an homage to the German mathematician and scientist Johann Carl Friedrich Gauss, comes from the name one of the developers gave to the main module. Developers appear to have named other modules after famous mathematicians and philosophers Kurt Godel and Joseph-Louis Lagrange.

http://arstechnica.com/security/2012/08/nation-sponsored-malware-has-mystery-warhead/



InfoView thread info, including edit history TrashPut this thread in your Trash Can (My DU » Trash Can) BookmarkAdd this thread to your Bookmarks (My DU » Bookmarks) 0 replies, 691 views
ShareGet links to this post and/or share on social media AlertAlert this post for a rule violation PowersThere are no powers you can use on this post EditCannot edit other people's posts ReplyReply to this post EditCannot edit other people's posts Rec (0) ReplyReply to this post
Reply to this discussion
Latest Discussions»General Discussion»Nation-sponsored malware ...
Home | Latest Discussions | Greatest Discussions | Latest Videos | All Forums

About | Copyright | Privacy | Terms of service | Contact

In Memoriam

© 2001 - 2024 Democratic Underground, LLC. Thank you for visiting.