Researchers develop Gauss detection tools

Kaspersky Labs discovered a new computer virus recently dubbed Gauss that targeted banking systems and financial information. According to Kaspersky Labs, the virus has infected over 2,500 computers, primarily located in Lebanon, and targets specific banks and financial institutions such as BlomBank and Credit Libanais. Now, web-based tools have been released that allows anyone to check if they've been infected by Gauss.

Kaspersky detects the virus by checking systems for a font that's included when the virus infects a computer. The font, Palida Narrow, could be a play on words of Paladin Arrow, according to one Kaspersky Labs researcher. While the virus is primarily used for gathering financial information, there are parts of the code that obfuscate other abilities.

The information that the virus gathers isn't limited to sensitive banking details, however, with the malicious software also targeting web browsing histories and passwords. The virus also creates a detailed snapshot of the targeted computer's hardware, designed to help aid any future attacks. The origins of Gauss aren't known, but experts believe it could be a state-designed virus due to the specific banking institutions it's targeting. It could be an attempt to gather the financial activity of a group like Hezbollah or the Iranian government.

Even stranger, after the virus was first discovered by Kaspersky Lab back in July, the remote systems used to control it were abruptly shut down. The makeup of the virus also shares features with other espionage related viruses, further backing up the belief that it's a state-designed effort. Other security experts, however, believe it could simply be the work of coders and criminals that have copied state designs.

[via The Washington Post]