Thursday, August 09, 2012

  • Elder of Ziyon
Here are the conclusions of a full analysis of the newly-discovered "Gauss" malware, written by Kaspersky Labs:
Gauss is the most recent development from the pool of cyber-espionage projects that includes Stuxnet, Flame and Duqu. It was most likely created in mid-2011 and deployed for the first time in August-September 2011.

Its geographical distribution is unique; the majority of infections were found in Lebanon, Palestine and Israel. One of the modules from Jan 2012 contains the path “c:\documents and settings\flamer\desktop\gauss_white_1”. The “flamer” in the path above is the Windows username that compiled the project. Given the focus on Lebanon, the “white” version identifier can probably be explained as following: “the name Lebanon comes from the Semitic root LBN, meaning “white”, likely a reference to the snow-capped Mount Lebanon.” (Wikipedia)

Code references and encryption subroutines, together with the Command and Control infrastructure make us believe Gauss was created by the same “factory” which produced Flame. This indicates it is most likely a nation-state sponsored operation.

Between Gauss’ functions, the “Winshell.ocx” module which gives the name to the malware as “Gauss”, steals credentials required to access online banking accounts for several Lebanese banks – including the Bank of Beirut, Byblos Bank and Fransabank. This is the first publicly known nation-state sponsored banking Trojan.

Another feature which makes Gauss unique is its encrypted payload, which we haven’t been able to unlock. The payload is run by infected USB sticks and is designed to surgically target a certain system (or systems) which have a specific program installed. One can only speculate on the purpose of this mysterious payload.

The discovery of Gauss indicates that there are probably many other related cyber-espionage malware in operation.

The current tensions in the Middle East are just signs of the intensity of these ongoing cyber-war and cyber-espionage campaigns.

It isn't too hard to guess that some Lebanese banks are probably a major conduit for Westerners to transfer money illicitly to and from Iran. Following the money is a time-honored way for spies to find what they are looking for.

It is worth noting that Eugene Kaspersky, founder of Kaspersky Labs, which has been discovering a lot of this nation-state malware, has ties to the KGB and has a view of the Internet that is decidedly anti-freedom. Not that his researchers are not doing a good job, but he is a political animal and he will make sure his company only does what his politics allows - and his politics coincides to a great degree with what Russia wants.
