Kaspersky Seeks Help Decrypting Gauss Malware Payload

Kaspersky Lab is asking for help in decrypting the new Gauss malware’s mysterious payload.

“The malware tries to decrypt this payload using several strings from the system and, upon success, executes it,” the company explained in a recent blog post. “Despite our best efforts, we were unable to break the encryption. So today we are presenting all the available information about the payload in the hope that someone can find a solution and unlock its secrets. We are asking anyone interested in cryptology and mathematics to join us in solving the mystery and extracting the hidden payload.”

“The team said that that the resource section, which contains the encrypted payload, ‘is big enough to contain a Stuxnet-like SCADA targeted attack code and all the precautions used by the authors indicate that the target is indeed high profile,'” Infosecurity reports.

“Vitaly Kamluk, chief malware analyst at Kaspersky Lab, told TechWeekEurope it was likely all the targets of Gauss were picked manually,” writes TechWeekEurope’s Tom Brewster. “‘It must be [going after] something very critical,’ he said.”

“In its Tuesday blog post, Kaspersky included the first 32 bytes of encrypted data and hashes from the enigmatic payload,” writes Computerworld’s Gregg Keizer. “‘If you are a world-class cryptographer or if you can help us with decrypting [this], please contact us by e-mail: theflame@kaspersky.com,’ said Kaspersky. The company also said it would provide more encrypted data on request.”

Jeff Goldman
Jeff Goldman
Jeff Goldman has been a technology journalist for more than 20 years and an eSecurity Planet contributor since 2009.

Top Products

Related articles