A newly discovered virus is infecting computers in the Middle East, and it was allegedly manufactured by a nation-state.
According to a post from Kaspersky Lab, the "Trojan" type malware known as Gauss is closely related to other well known viruses including Flame, initially reported on by the same security company in May.
Kaspersky Lab's Securelist blog said that “Gauss is a complex cyber-espionage toolkit created by the same actors behind the Flame malware platform. It is highly modular and supports new functions which can be deployed remotely by the operators in the form of plugins.”
According to Ping!Zine, the virus itself was discovered through efforts from the International Telecommunications Union. "Like others including Flame and Stuxnet, it primarily targets middle-eastern countries," the hi-tech industry magazine reported, naming Lebanon, Israel and the Palestinian Authority as locations that have been affected. "Also like Flame and Stuxnet, it originated from a nation state," the report added.
Five different servers are reportedly used to control the operation via “command-and control domains.” Gauss succeeds in performing tasks such as intercepting passwords and cookies, infecting USB sticks, hijacking account information, accessing system configuration data and more.
Kaspersky said that the virus likely began operating sometime between August and September of 2011. However, a key finding signaled Gauss isn’t completely active. “The Gauss command-and-control (C&C) infrastructure was shutdown in July 2012. At the moment, the malware is in a dormant state, waiting for its C&C servers to become active again,” commented the report.