Gauss - Another failure for AV industry?

http://www.wired.com/threatlevel/2012/08/gauss-espionage-tool/
http://www.securelist.com/en/blog/208193767/Gauss_Nation_state_cyber_surveillance_meets_banking_Trojan
http://www.securelist.com/en/downloads/vlpdfs/kaspersky-lab-gauss.pdf
http://www.securelist.com/en/analysis/204792238/Gauss_Abnormal_Distribution%20#GAUSS

4th failure for antivirus industries after Stuxnet, Duqu and Flame??

Hi true indian,

Two remarks:
1. Gauss was based on the Flame platform.
2. It was spread via USB sticks. So what we need is a decent USB AV solution.
There are not many tools like Mx One Antivirus 4.5, which is a Mexican solution specially designed for pendrives/USB sticks,

polonus

2. It was spread via USB sticks. So what we need is a decent USB AV solution. There are not many tools like Mx One Antivirus 4.5, which is a Mexican solution specially designed for pendrives/USB sticks,

You also have these:
MCshield 2: http://amf.mycity.rs/mcshield/
ClamWin: http://portableapps.com/apps/security/clamwin_portable
Panda USB Vaccine: http://www.pandasecurity.com/homeusers/downloads/usbvaccine/

Microsoft just released defs. for this today.

http://www.microsoft.com/security/portal/Threat/Encyclopedia/Search.aspx?query=Gauss

It looks like Avast is detecting this also.

http://www.avast.com/virus-update-history

Hi Marc57,

Here users can detect if they have a Gauss infection or not: http://www.securelist.com/en/blog/724/Online_detection_of_Gauss
or go here: http://gauss.crysys.hu/index.php
Gauss installs a particular font that was unknown until now, Palida. So check if you have Palida there.
Info link source: http://www.security.nl/artikel/42623/1/Lettertype_ontmaskert_spionagevirus_Gauss.html (link author = redaktie Security NL)

polonus
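
The font check mentioned in the post above can also be done offline. The following is an added example, not part of the original thread and not the Kaspersky/CrySyS checker: it reads the internal name table of each .ttf/.otf file in a directory, so a renamed file still matches. The function names, the `NEEDLE` constant and the sample font builder are assumptions made for illustration; only the name "Palida" comes from the post.

```python
import struct
import sys
from pathlib import Path

NEEDLE = "palida"  # font name given in the post above
def font_names(data: bytes) -> set:
    """Family (nameID 1) and full (nameID 4) names from an sfnt (TTF/OTF) blob."""
    names = set()
    if len(data) < 12:
        return names
    (num_tables,) = struct.unpack(">H", data[4:6])
    for i in range(num_tables):
        rec = data[12 + 16 * i : 28 + 16 * i]
        if len(rec) < 16:
            break  # truncated table directory
        tag, _sum, off, length = struct.unpack(">4sIII", rec)
        tbl = data[off : off + length]
        if tag != b"name" or len(tbl) < 6:
            continue
        _fmt, count, str_off = struct.unpack(">HHH", tbl[:6])
        for j in range(count):
            r = tbl[6 + 12 * j : 18 + 12 * j]
            if len(r) < 12:
                break  # truncated name record
            plat, _enc, _lang, name_id, n_len, n_off = struct.unpack(">6H", r)
            if name_id in (1, 4):
                raw = tbl[str_off + n_off : str_off + n_off + n_len]
                codec = "utf-16-be" if plat in (0, 3) else "latin-1"  # Mac (1) is 8-bit
                names.add(raw.decode(codec, errors="replace"))
    return names

def scan(font_dir) -> dict:
    """Map each .ttf/.otf file whose internal name contains NEEDLE to its names."""
    hits = {}
    for p in Path(font_dir).iterdir():
        if p.is_file() and p.suffix.lower() in (".ttf", ".otf"):
            found = {n for n in font_names(p.read_bytes()) if NEEDLE in n.lower()}
            if found:
                hits[p.name] = found
    return hits

def build_sample_font(family: str) -> bytes:
    """Constructed test input: a minimal sfnt holding only a name table."""
    s = family.encode("utf-16-be")
    name = struct.pack(">3H", 0, 1, 18) + struct.pack(">6H", 3, 1, 0x409, 1, len(s), 0) + s
    head = struct.pack(">I4H", 0x00010000, 1, 16, 0, 0)
    return head + struct.pack(">4sIII", b"name", 0, 28, len(name)) + name
if __name__ == "__main__" and len(sys.argv) > 1:
    print(scan(sys.argv[1]) or "no font with that name found")
```

Run it with the font directory as the argument (on Windows that is normally `C:\Windows\Fonts`). A hit is an indicator to follow up with the online checks linked above; an empty result does not prove the machine is clean.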

I got: “Your computer is probably not infected by Gauss malware”.

Sorry guys, just for Pol, as it’s only available in German, atm. :wink:
http://www.heise.de/security/meldung/Font-Installation-durch-Gauss-Trojaner-wirft-Fragen-auf-1665561.html

Hi Asyn,

The detection or check was made by Kaspersky Lab together with the Hungarian research lab CrySyS.
Why that would only work for German users is beyond me.
Gauss installs Palida onto a victim’s computer. I haven’t heard that that was geo-specific?

polonus

Well, my link was in German, nothing else. :wink:

Hi Asyn,

I think that Dutch leading article must have had a German origin.
These security sites are real copy-cats. Whatever, we also informed our users here,

polonus

Well, at least we’re informed and did spread the news… :wink: