Gauss: the Latest Event in the Olympic Games	Posted by Sean @ 15:26 GMT

The folks at Kaspersky Lab unveiled their latest "nation state sponsored" discovery yesterday, and they call it… Gauss. It is so named because its "modules have internal names which appear to pay tribute to famous mathematicians and philosophers, such as Kurt Godel, Johann Carl Friedrich Gauss and Joseph-Louis Lagrange."

Gauss was discovered during the "Flame" investigation, which itself has connections to Stuxnet — which in turn was part of a U.S. espionage project code named "Olympic Games".

Interesting.

Here are some additional things of interest regarding Gauss.

According to the analysis, Gauss targets several Lebanese banks and monitors transactions (such as a banking trojan would do).

That's quite something when considered in context with this Wall Street Journal story from April:



Here's another notable detail: Gauss will not install itself if antivirus software is present.

Also, Gauss doesn't like Windows 7 SP 1.


Source: Kaspersky Lab [PDF]

Then there's this little nugget:


Source: Kaspersky Lab

ACDC?

That caught Mikko's attention.

Hey, the #Gauss trojan found by Kaspersky obfuscates it's network traffic by XORing it with value "ACDC". Just saying. securelist.com/en/blog/208193�

— Mikko Hypponen (@mikko) August 9, 2012

Finally, given how the Olympic Games story has evolved, it makes "paranoid" minded folks such as us read this August 6th story from the Wall Street Journal about Standard Chartered bank allegedly laundering $250 billion worth of Iranian funds in a whole new light…



Wired's Kim Zetter has a good summary of Kaspersky's findings: Flame and Stuxnet Cousin Targets Lebanese Bank Customers, Carries Mysterious Payload.