A security firm reported Thursday that it had discovered the fourth state-sponsored virus in the Middle East in a span of three years that targeted computers in Lebanon.
Kaspersky Lab, the security firm, revealed its findings about "Gauss," a name used to describe the malware identified in June but it went dormant when command-and-control (C&C) servers shut down.
Apparently, the Gauss shares traits with other malware, notably Flame - the digital espionage tool aimed at Iran that scouted systems ripe for data thievery, Roel Schouwenberg, senior researcher at Kaspersky, said in an interview to Computerworld.
The commonalities prompted the security firm to conclude that Gauss, like Flame, Stuxnet and Duqu was created by a nation-state or it was funded by one or more governments.
Speaking on Gauss, Schouwenberg said told Computerworld: "It's very clear that [Gauss] was built on the same platform as Flame. All these cyber weapons are like one another and Gauss is part of that as well."
Previously, security experts identified Stuxnet similar to Duqu and Flame with Stuxnet. Similarly, Gauss is linked with Stuxnet, the malware that sabotaged Iran's nuclear fuel enrichment program.
Gauss is the first government-backed malware that uses the banking module. The Trojan steals credentials in several Middle Eastern banks headquartered in Lebanon, including the Bank of Beirut, EBLF, BlomBank, ByblosBank, FransaBank and Credit Libanais. It also targets Citibank and PayPal users.
As the malware's infrastructure was closed last month, before Kaspersky could probe the servers, it was not able to find exactly what Gauss did when it was operational.
"It appears [Gauss] was used as a surveillance tool. We currently believe it was used to monitor accounts and money flow. We don't think they were trying to actually take the money," Schouwenberg told Computerworld.
Kaspersky has identified about 2500 machines infected with Gauss, with two-thirds located in Lebanon and another 19% in Israel.
While Kaspersky is yet to fully crack Godel's code, Schouwenberg said he suspected it was a cyber weapon designed to cause physical damage and that developers had gone to a lot of trouble to hide its purpose, using an encryption scheme that could take months or years to unravel.
Meanwhile, a U.N. agency that advises countries on protecting infrastructure plans to send an alert on the mysterious code, Reuters has stated.