According to company officials, Gauss shares similarities with Flamer, which was discovered in the Middle East in May. Where Flamer was intended to harvest data from industrial environments, Gauss focuses on stealing login credentials for eBanking, social networking and email services.
Bitdefender's Gauss removal tool is available in 32-bit and 64-bit versions.
Kaspersky Lab claimed to be the discoverer of Gauss, which it described as a complex piece of malware.
|
|
Kaspersky updated its free Virus Removal Tool 2011 to deal with Gauss.
It appears that Gauss has been in operation since September 2011, though it was only discovered in June 2012.
Around 2500 systems had been identified as infected by Gauss at the time Kaspersky went public. Most infections are in Lebanon, which is not surprising as the malware reportedly targets Lebanese banks including Bank of Beruit.
The good news is that the Gauss command and control network was shut down shortly after its discovery, and the malware has remained dormant.
A curious feature of Gauss is that it installs a font called Palida Narrow. There is no indication that the font is maliciously malformed, and the suspicion is that it is used as a marker allowing a web server to detect whether the malware is present on a particular system.
Like Stuxnet and Flame, Gauss can spread via USB media, providing a mechanism to reach computers that are isolated from the Internet.
Most security packages should be able to block and clean up Gauss by this stage.
