Friday, August 10, 2012

Gauss: Kaspersky Discovery, Analysis and Removal Tool

First came Stuxnet, then Duqu, and then Flame. The latest is Gauss. Although less sophisticated than Flame, Gauss is a data-stealing banking trojan that has already obtained data from the Bank of Beirut, EBLF, BlomBank, ByblosBank, FransaBank and Credit Libanais. Citibank and PayPal users are also reported as being targeted.

As described on Securelist in Gauss: Nation-state cyber-surveillance meets banking Trojan:
"In 140 chars or less, “Gauss is a nation state sponsored banking Trojan which carries a warhead of unknown designation”. Besides stealing various kinds of data from infected Windows machines, it also includes an unknown, encrypted payload which is activated on certain specific system configurations"

The majority of Kaspersky customers who have been found to be infected with Gauss are located in Lebanon. Others are in Israel and Palestine with a few in the U.S., UAE, Qatar, Jordan, Germany and Egypt.

A quick check to determine if your computer is infected with Gauss is available from CrySyS. The free Kaspersky Virus Removal Tool can be used to remove Gauss from your computer.

Remember - "A day without laughter is a day wasted."
May the wind sing to you and the sun rise in your heart...
