Just a quick post for those who can't sleep until get to play with Gauss
and the blogpost: "Gauss: Nation-state cyber-surveillance meets banking Trojan"
Excerpt:
The highest number of infections is recorded in Lebanon, with more than 1600 computers affected. The Gauss code (winshell.ocx) contains direct commands to intercept data required to work with Lebanese banks – including the Bank of Beirut, Byblos Bank and Fransabank.
The highest number of infections is recorded in Lebanon, with more than 1600 computers affected. The Gauss code (winshell.ocx) contains direct commands to intercept data required to work with Lebanese banks – including the Bank of Beirut, Byblos Bank and Fransabank.
In Israel and the Palestinian Territory, 750 incidents have been recorded." (Kaspersky)
Download
Download all the files listed below as a password protected archive (email me if you need the password)
├───devwiz.ocx
│ CBB982032AED60B133225A2715D94458_devwiz.ocx
│
├───dskapi.ocx
│ 08D7DDB11E16B86544E0C3E677A60E10_100-dskapi.ocx
│ 23D956C297C67D94F591FCB574D9325F_100-dskapi.ocx
│
├───mcdmn.ocx
│ 9CA4A49135BCCDB09931CF0DBE25B5A9-mcdmn.ocx
│
├───smdk.ocx
│ 5604A86CE596A239DD5B232AE32E02C6_smdk.ocx
│ 90F5C45420C295C73067AF44028CE0DD_smdk.ocx
│
├───windig.ocx
│ DE2D0D6C340C75EB415F7263388351
25_windig.ocx
│
└───winshell.ocx
4FB4D2EB303160C5F419CEC2E9F57850_winshell.ocx
7AC2799B5337B4BE54E5D5B03B214572_winshell.ocx
EF6451FDE3751F698B49C8D4975A58B5_winshell.ocx
Is Gauss an indication of military grade malware now migrating to commercial sector, then to all the other high-value victim groups?
ReplyDeleteNo, it's looking into funds going in and out of Hezbollah and the like. And not likely military.
ReplyDeleteIf it is the proved, it is deployed by a state actor to espionage political funding movements, rights?
ReplyDeleteplease give me password.
ReplyDeletethanks!
Gauss is the most recent cyber-surveillance operation in the Stuxnet, Duqu and Flame saga.
ReplyDeleteIt was probably created in mid-2011 and deployed for the first time in August-September 2011.
Gauss was discovered during the course of the ongoing effort initiated by the International Telecommunications Union (ITU), following the discovery of Flame. The effort is aimed at mitigating the risks posed by cyber-weapons, which is a key component in achieving the overall objective of global cyber-peace.