Kaspersky Lab, a leading computer security firm, has announced that a new cyber surveillance virus has been found in the Middle East that can spy on banking transactions and steal login information for social networking sites, email and instant messaging.
Dubbed Gauss, the virus may also be capable of attacking critical infrastructure. The Moscow-based firm said it found Gauss had infected more than 2,500 personal computers, the bulk of them in Lebanon, Israel and the Palestinian territories. Targets included Lebanon’s BlomBank, ByblosBank and Credit Libanais, as well as Citigroup’s Citibank and eBay’s PayPal online payment system.
Officials with the three Lebanese banks said they were unaware of the virus. PayPal spokesman Anuj Nayar said the company was investigating the matter but was not aware of any increase in “rogue activity” as a result of Gauss. A Citibank spokeswoman declined to comment.
Kaspersky Lab would not speculate on who was behind Gauss, but said the virus was connected to Stuxnet and two other related cyber espionage tools, Flame and Duqu.
According to Kaspersky Lab, Gauss can also steal internet browser passwords and other data and send information about system configurations.
Modules in the virus have internal names that Kaspersky Lab researchers believe were chosen to pay homage to famous mathematicians and philosophers, including Johann Carl Friedrich Gauss, Kurt Godel and Joseph-Louis Lagrange.
Kaspersky Lab said it called the virus Gauss because that is the name of the most important module, which implements its data-stealing capabilities.
Gauss also contains a module known as “Godel” that may include a Stuxnet-like weapon for attacking industrial control systems. Stuxnet, discovered in 2010, was used to attack computers that controlled the centrifuges at a uranium enrichment facility in Natanz, Iran.
Godel copies a compressed, encrypted programme onto USB drives. That programme will only decompress and activate when it comes in contact with a targeted system.
A United Nations agency that advises countries on protecting infrastructure plans to send an alert on the mysterious code.