Gauss virus discovered by kaspersky Lab, sends bank transaction information to anonymous creator

Kaspersky Lab detected a new virus group which is suffieicent enough to steal your bank transaction on the fly. The new cyber-threat has been reported to be targeting the middle-east region.

Gauss is a complex, nation-state sponsored cyber-espionage toolkit designed to steal sensitive data, with a specific focus on browser passwords, online banking account credentials, cookies, and specific configurations of infected machines.

Annalytics at Kaspersky Lab indicates that Guass began operating in the September 2011 timeframe. It was first discovered in June 2012, resulting from the knowledge gained by the in-depth analysis and research conducted on the Flame malware.

Since late May 2012, more than 2,500 infections were recorded by Kaspersky Lab's cloud-based security system, with the estimated total number of victims of Gauss probably being in the tens of thousands. This number is lower compared to the case of Stuxnet but it's significantly higher than the number of attacks in Flame and Duqu.

Analysis of Gauss shows it was designed to steal data from several Lebanese banks including the Bank of Beirut, EBLF, BlomBank, ByblosBank, FransaBank and Credit Libanais. In addition, it targets users of Citibank and PayPal.

Gauss is very similar to the Flame and Stuxmet, using the same LNX bulnerability. Gauss is capable of "disinfecting" the drive under certain circumstances, and uses the removable media to store collected information in a hidden file.

There still a noticable different between the predecessor Flame, Stuxnet and Gauss. The highest no. of computer hits by Flame was recorded in Iran, while the majority of Gauss victim were located in Lebanon.

when it was discovered as part of a United Nations-backed effort to reduce the global impact of cyber weapons. It was likely released into the wild in September of last year.

At the present time, the Gauss Trojan is successfully detected, blocked and remediated by Kaspersky Lab's products, classified as Trojan-Spy.Win32.Gauss.