Starts to rob banks
A newly uncovered espionage tool, which is designed by the spooks who bought the world Flame, appears to have gone off its Iranian target and started infecting Middle-Eastern banks.
Kaspersky Lab, which discovered the malware, dubbed Gauss, in June and published an extensive analysis of it on Thursday. The malware steals system information and has a payload that could be destructive against critical infrastructure. It has been found on 2,500 machines, most of them in Lebanon. It also targets bank accounts in order to capture login credentials. The malware targets banks in Lebanon, including the Bank of Beirut, EBLF, BlomBank, ByblosBank, FransaBank and Credit Libanais. Customers of Citibank and PayPal could also be hit.
It is not clear why US and Israeli governments would want to do that, unless they think some interesting organizations get their funding through these banks. Roel Schouwenberg, senior researcher at Kaspersky Lab said that Stuxnet and DuQu were single-goal operations. But this virus is part of a broader operation.
It is not clear if the bank component in Gauss is to spy on account transactions, or to steal money from targets. Its aim might be to monitor and trace the source of funding going to individuals or groups, or to sabotage political or other efforts by draining money from their accounts.