Friday, August 10, 2012

Gauss samples - Nation-state cyber-surveillance + Banking trojan

Just a quick post for those who can't sleep until they get to play with Gauss.
"The highest number of infections is recorded in Lebanon, with more than 1600 computers affected. The Gauss code (winshell.ocx) contains direct commands to intercept data required to work with Lebanese banks – including the Bank of Beirut, Byblos Bank and Fransabank.
In Israel and the Palestinian Territory, 750 incidents have been recorded." (Kaspersky)


Download all the files listed below as a password-protected archive (email me if you need the password)

List of files

List of files for download:



  1. Is Gauss an indication of military-grade malware now migrating to the commercial sector, then to all the other high-value victim groups?

  2. No, it's looking into funds going in and out of Hezbollah and the like. And not likely military.

  3. If it is proved, it is deployed by a state actor to spy on political funding movements, right?

  4. Gauss is the most recent cyber-surveillance operation in the Stuxnet, Duqu and Flame saga.

    It was probably created in mid-2011 and deployed for the first time in August-September 2011.

    Gauss was discovered during the course of the ongoing effort initiated by the International Telecommunications Union (ITU), following the discovery of Flame. The effort is aimed at mitigating the risks posed by cyber-weapons, which is a key component in achieving the overall objective of global cyber-peace.