Gauss Malware Detection Tools Released

Kaspersky Lab and CrySyS Lab have both released tools designed to detect the newly discovered Gauss malware.

"Both CrySys and Kaspersky sniff out Gauss by looking for a custom-built font, dubbed 'Palida Narrow,' that the malware adds to infected machines," writes Computerworld's Gregg Keizer. "CrySys first posted a detection tool that relied on the Palida Narrow strategy; Kaspersky took the same approach, but simplified it by inserting an IFRAME element into a Web page. The IFRAME uses JavaScript to check for the presence of the font."

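The JavaScript font check described above can be done with a common width-comparison probe; the sketch below is an added example, not Kaspersky's or CrySyS Lab's code. The `makeFakeMeasure` stub, its widths and the two sample hosts are constructed so the logic runs outside a browser; in a page, `canvasMeasure` is used instead.

```javascript
// Generic width-comparison font probe (illustrative, not a vendor's implementation).
const GENERIC_FALLBACKS = ['monospace', 'serif', 'sans-serif'];
const PROBE_TEXT = 'mmmmmmmmmmlliWW@0123456789';
const PROBE_SIZE = '72px';

// Browser measurer: width of `text` rendered with CSS font shorthand `font`.
function canvasMeasure(font, text) {
  const ctx = document.createElement('canvas').getContext('2d');
  ctx.font = font;
  return ctx.measureText(text).width;
}

// True when naming `family` changes the rendered width against at least one
// generic fallback, i.e. the engine resolved it to a real installed font.
// Three fallbacks are tried so a font that matches one of them is not missed.
function isFontInstalled(family, measure = canvasMeasure) {
  if (GENERIC_FALLBACKS.includes(family.toLowerCase())) {
    throw new Error('family must be a named font, not a generic keyword');
  }
  const quoted = `"${family.replace(/["\\]/g, '')}"`;
  return GENERIC_FALLBACKS.some((fallback) => {
    const baseline = measure(`${PROBE_SIZE} ${fallback}`, PROBE_TEXT);
    const candidate = measure(`${PROBE_SIZE} ${quoted}, ${fallback}`, PROBE_TEXT);
    return candidate !== baseline;
  });
}

// Constructed stand-in for a rendering engine: `installed` maps lower-cased
// family names to a per-character width; unknown names fall through the list.
function makeFakeMeasure(installed) {
  const genericWidth = { monospace: 43, serif: 36, 'sans-serif': 38 };
  return (font, text) => {
    const families = font.slice(font.indexOf(' ') + 1).split(',')
      .map((f) => f.trim().replace(/"/g, '').toLowerCase());
    for (const f of families) {
      if (f in installed) return installed[f] * text.length;
      if (f in genericWidth) return genericWidth[f] * text.length;
    }
    return genericWidth.serif * text.length;
  };
}

// Constructed sample hosts: one without the marker font, one with it.
const cleanHost = makeFakeMeasure({ arial: 40 });
const markedHost = makeFakeMeasure({ arial: 40, 'palida narrow': 29 });
console.log('clean host :', isFontInstalled('Palida Narrow', cleanHost));
console.log('marked host:', isFontInstalled('Palida Narrow', markedHost));
```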
"Roel Schouwenberg, senior researcher at Kaspersky Labs, said that researchers still don’t know why Gauss’s creators included the font file," writes The Washington Post's Stoyan Nenov. "He said there has been some speculation that the font’s name could be a play on the words 'Paladin Arrow,' a weapons reference that would hint at destructive capabilities. Thus far, Gauss appears to have only been used for surveillance, but there are parts of the virus’s code that may hide further capabilities. Whatever the reason for the font file, Schouwenberg said, it is acting as a convenient infection marker."

"Kaspersky unveiled the existence of Gauss yesterday," writes PCMag.com's Chloe Albanesius. "It's a cyber threat targeting users in the Middle East that is intended to steal personal details, like banking information. According to Kaspersky, Gauss includes characteristics not found in any previously discovered cyber weapons. Gauss steals detailed information like browser history, cookies, passwords, and system configurations, Kaspersky said, but it can also steal things like credentials for various online banking systems and payment methods."