Five days after discovering the Gauss virus on more than 2,500 computers, the majority of them in Lebanon, researchers from Kaspersky Lab acknowledged that they cannot beat the malware. Unable to destroy the virus, the company had to ask for help.
Among Gauss's many intriguing components is an encrypted “warhead” that looks for a specific computer system, without connecting to the Internet, and installs itself automatically if it finds that configuration.
“Despite our best efforts, we cannot break the encryption,” the Kaspersky researchers wrote on their blog on Tuesday (14). The company therefore published all the information it has about the virus, hoping that someone “can find a solution and unlock its secrets.” The company invited anyone interested in cryptology, numerology and mathematics to join it in extracting data from the virus.
Virus may have been created by the same group that developed Flame
So far it is hard to tell precisely what is behind Gauss. The clues indicate that it is a very sophisticated virus produced by the same state or group of states that developed Flame, the virus that spied on computers in Iran until May this year. Stuxnet, the virus that disrupted uranium enrichment work in Iran in 2010, could also be related.
The purpose of Gauss seems to be to obtain log-ins for email accounts, instant messaging, social networks and, especially, major accounts at banks. The Bank of Beirut, Blom Bank, Byblos Bank, Credit Libanais, Citibank and the PayPal payment system were affected.
However, the warhead of the virus suggests that the attackers are after something bigger. The investigators reported that it is large enough to contain a Stuxnet-type function. Stuxnet was able to spin Iran's nuclear centrifuges out of control, preventing the enrichment of uranium.
If the researchers are right and Gauss was produced by a state, this is the first time that such a virus has been developed with financial goals. The viruses discovered earlier in Iran have always been directed against the country's nuclear program.
Lebanese experts have previously said that a campaign of espionage directed at U.S. banks in Lebanon would be meaningless. The United States has concerns that Lebanese banks are used to help the Syrian regime and Hezbollah, the military group and political party in Lebanon.