Gauss Cyber Espionage Threat Targets Banking Info

A new malware threat has been discovered that seems to have the same state-sponsored roots as Stuxnet, Duqu, and Flame.
  • Tony Bradley (PC World (US online))
  • — 10 August, 2012 15:06

Gauss joins the ranks of Stuxnet, Duqu, and Flame as an apparently state-sponsored tool of cyber espionage. This latest threat appears to be built from the same code foundation as Flame, and specifically targets bank credentials and financial data.

Kaspersky Lab--the largest privately held vendor of antimalware and endpoint security products--announced the new threat. A Kaspersky FAQ about Gauss boils the description down to a 140-character tweet: "Gauss is a nation state sponsored banking Trojan which carries a warhead of unknown designation."

Gauss has been flying under the radar and evading detection since the fall of 2011. Ironically, it was discovered during operations initiated by the International Telecommunication Union (ITU) in the wake of Flame, in an effort to detect and mitigate any other stealthy cyber threats. Mission accomplished.

Kaspersky was able to detect and identify the threat--dubbed Gauss because its main module is named after the German mathematician Johann Carl Friedrich Gauss--by recognizing that it shares a similar architecture, module structure, code base, and method of communicating with command and control (C&C) servers with its cousin, Flame.

While Flame, Stuxnet, and Duqu seemed to be aimed at Iran, Gauss appears to specifically target Lebanese banks, as well as Citibank and PayPal accounts. Gauss steals browser history, cookies, passwords, and system configurations from compromised systems, and collects usernames and passwords for financial accounts and payment systems.

The initial method of infection is still unknown. Like Flame and Duqu, though, the propagation of Gauss seems to be controlled in order to maintain stealth and avoid detection. Kaspersky has detected 2,500 infected machines so far, and estimates the total number of compromised systems to be in the tens of thousands.

The malware was discovered in June 2012, and the C&C servers that manage it were effectively shut down in July 2012. As a result, Gauss is now in a dormant state, although machines infected before the takedown remain compromised until they are cleaned.
