The newly found code dubbed "Gauss" appears to be a cyber-espionage toolkit that has the ability to intercept passwords, steal computer system configuration information and access credential information for banks located in the Middle East. But researchers at Kaspersky Lab in Russia say things don't seem to be only as they appear. "We're talking about a complex package," says senior security researcher Kurt Baumgartner, who says the code appears to be created by a nation-state. "It's unique and different in a few ways; it maintains code and has similar functionality to Flame and Stuxnet." Flame and Stuxnet are computer viruses that have the ability to rewrite code. Stuxnet targeted Iran's nuclear program. It rewrote code that caused enrichment centrifuges to spin out of control, rendering them useless. The U.S. and Israel are widely believed to be behind the creation of the virus.
Baumgartner says researchers have had a harder time understanding what Gauss was actually created to do, or what its payload really is. A payload is a piece of code or technology that is being delivered within a software package. Baumgartner says the stealing of credentials and monitoring capability may be just a smokescreen for something more sinister. "It's very likely that it's meant to cover up or hide whatever that payload is," says Baumgartner, who adds that it's possible the code was designed to avoid detection until it reached its final target.
Kaspersky Lab posted an appeal on its company website for encryption experts to try to help crack the code. They say they've gotten a number of responses from "talented people." "There's all sorts of speculation we could make about what's really in the payload," says Baumgartner. "But for a blob of encrypted data to reside within a piece of code that's related to Stuxnet and that has spread to thousands or tens of thousands of machines in that region, it suggests that there is a more significant or more important payload."
So far, Kaspersky says most of the "Gauss" detections have been in Lebanon, with a smaller number reported in Israel. Researchers have no idea how the code spreads, but say that it has the ability to infect USB ports that, once infected, can spread to as many as 30 computers before the code self-destructs. The toolkit earned its name because of references discovered within the code that pay tribute to mathematicians and philosophers. Johann Carl Friedrich Gauss was a German mathematician.
Solving "Gauss" – CNN Security Clearance - CNN.com Blogs
The attack, known as Shamoon, is said to have hit "at least one organisation" in the sector. Shamoon is capable of wiping files and rendering several computers on a network unusable. On Wednesday, Saudi Arabia's national oil company said an attack had led to its own network being taken offline. Although Saudi Aramco did not link the issue to the Shamoon threat, it did confirm that the company had suffered a "sudden disruption". In a statement, the company said it had now isolated its computer networks as a precautionary measure. The disruptions were "suspected to be the result of a virus that had infected personal workstations without affecting the primary components of the network", a statement read. It said the attack had had "no impact whatsoever" on production operations.
Rendered unusable
On Thursday, security firms released the first detailed information about Shamoon. Experts said the threat was known to have hit "at least one organisation" in the energy sector. "It is a destructive malware that corrupts files on a compromised computer and overwrites the MBR (Master Boot Record) in an effort to render a computer unusable," wrote security firm Symantec. The attack was designed to penetrate a computer through the internet, before targeting other machines on the same network that were not directly connected to the internet. Once infected, the machines' data is wiped. A list of the wiped files is then sent back to the initially infected computer, and in turn passed on to the attacker's command-and-control centre. During this process, the attack replaces the deleted files with JPEG images, obstructing any potential file recovery by the victim.
'Under the radar'
Seculert, an Israel-based security specialist, also analysed the malicious code and concluded that it had unusual characteristics compared with other recent attacks. "The interesting part of this malware is that instead of staying under the radar and collecting information, the malware was designed to overwrite and wipe the files," the company said. "Why would someone wipe files in a targeted attack and make the machine unusable?" Shamoon is the latest in a line of attacks that have targeted infrastructure. One of the most high-profile attacks in recent times was Stuxnet, which was designed to hit nuclear infrastructure in Iran. Others, like Duqu, have sought to infiltrate networks in order to steal data.
BBC News - Shamoon virus targets energy sector infrastructure
European Union governments on Monday agreed on further sanctions against Iran's banking, shipping and industrial sectors, cranking up financial pressure on Tehran in the hope of drawing it into serious negotiations on its nuclear program. The decision by EU foreign ministers reflected mounting concerns over Iran's nuclear intentions and Israeli threats to attack Iranian atomic installations if a mix of sanctions and diplomacy fails to lead to a peaceful solution.
EU foreign policy chief Catherine Ashton said she hoped that turning up the heat on the Islamic Republic would persuade it to make concessions and that negotiations could resume "very soon." "I absolutely do think there is room for negotiations," said Ashton, who represents the United States, China, Russia, Britain, France and Germany in their on-and-off talks with Iran. "I hope we will be able to make progress very soon."
The new sanctions mark one of the EU's toughest moves against Iran to date and a significant change of policy for the 27-member bloc, which has hitherto focused largely on targeting specific people and companies with economic restrictions. The EU has lagged the United States in imposing blanket industry bans because it is concerned not to punish ordinary Iranian citizens while inflicting pain on the Tehran government.
Iran maintains that its nuclear project has only peaceful energy purposes and has refused in three rounds of talks since April to scale back its uranium enrichment activity unless major economic sanctions are rescinded. But governments in Europe and the United States, doubting Iran's preparedness for more than dilatory "talks about talks", are instead tightening the financial screws on Tehran and fears of a descent into a new Middle East war are growing.
More: EU okays fresh Iran sanctions; new version of Flame virus uncovered - Israel News, Ynetnews