Showing posts with label Kaspersky. Show all posts

Saturday, August 11, 2012

New virus can spy on online banking transactions


The latest cyber threat to target users in the Middle East could steal browser passwords and online banking account credentials, according to security firm Kaspersky Lab.

The Moscow-based firm announced on Thursday that it has discovered the cyber surveillance virus, which it calls “Gauss,” in personal computers in Lebanon.

Kaspersky Lab said Gauss is capable of stealing data from the clients of several Lebanese banks and it has also targeted Citibank and PayPal users.

It’s estimated that the virus was deployed around September 2011.

Researchers discovered Gauss due to its strong resemblance to Flame, a cyber virus that infiltrated computers in Iran and was believed to have targeted the country’s nuclear program.

Kaspersky Lab described Gauss as a “complex cyber-espionage toolkit,” which was created by the same individuals behind Flame.

“Gauss bears striking resemblances to Flame, such as its design and code base, which enabled us to discover the malicious program,” said Kaspersky Lab chief security expert Alexander Gostev.

Kaspersky Lab was helping the United Nations' International Telecommunications Union search for destructive malware when it came across Flame.

However, Gostev said that Gauss’ purpose was different than Flame’s.

“Gauss targets multiple users in select countries to steal large amounts of data, with a specific focus on banking and financial information.”

Flame, on the other hand, targeted specific software vulnerabilities and was selective in the computers it attacked.

In a posting on its website, Kaspersky Lab said the detailed data from the infected computers is sent to the attackers.

“Since late May 2012, more than 2,500 infections were recorded by Kaspersky Lab’s cloud-based security system,” said the company, estimating the total number of victims of Gauss to be in the tens of thousands.

Gauss has since been blocked and remediated by Kaspersky Lab.

Friday, June 8, 2012

Latest viruses could mean ‘end of world as we know it,’ says man who discovered Flame


Eugene Kaspersky: We’re at the mercy of cyberterrorists, armed with weapons more serious than any previous IT security threat

By David Shamah

The Flame virus, whose existence was announced several weeks ago by Eugene Kaspersky, is not just any old virus. It’s so sophisticated that it represents a new level of cyber threat, one that could be “the beginning of the end of the [interconnected] world as we know it,” Kaspersky said at a press conference Wednesday. “I have nightmares about it.”

Information security expert Kaspersky, whose team of researchers uncovered Flame’s existence, was a featured speaker at Wednesday’s second annual cyber-security conference sponsored by the Tel Aviv University’s Yuval Ne’eman Workshop for Science, Technology and Security. The conference comes at a time when interest in cybersecurity is at a peak, as a result of speculation about who was behind the Flame attack and the earlier Stuxnet virus attack that is thought to have damaged, or at least delayed, progress by Iran on its nuclear program.

Also speaking at the conference were a host of top security and government officials, including Defense Minister Ehud Barak, Israel Space Agency chairman Yitzhak Ben-Yisrael, former Shin Bet director Yuval Diskin, and others.

While many companies — including Kaspersky’s — advertise sundry solutions for computer viruses and Trojans, they won’t help when it comes to Flame and other still undiscovered viruses of similar or even greater strength that are likely out there, he said. “Right now we have no way to defend against these global attacks.”

The term “cyber-war” is used by many to describe the situation, but that term — which implies that there are two equal, known enemies duking it out — is outmoded, he said. “With today’s attacks, you are clueless about who did it or when they will strike again. It’s not cyber-war, but cyberterrorism.”

Flame, which has stealthily stolen large chunks of data during the months or perhaps years it has been on the loose, is especially scary because of its many sophisticated tools, said Kaspersky. Besides being able to quickly replicate itself on networks and break up data into very small segments, making it almost impossible to trace as it is sent onwards, the virus has many unique features. “It can of course be spread very quickly via a disk-on-key, when one is plugged into a network,” but in addition, it can use Bluetooth, Wi-Fi, and other communications protocols to propagate, he said.

The Russian-born Kaspersky, 46, whose company is the world’s largest privately held vendor of software security products, described the process by which his team discovered Flame, saying that he got interested in the matter when he heard that Iran had actually accused his company of designing the attack tool. “We thought that maybe our internal system was compromised, so we conducted a thorough investigation.”

It was this investigation, which entailed contacts with IT personnel in Iran itself, that yielded the data on Flame. “Dealing with what we discovered was too big a job for a company,” so Kaspersky took what he knew to the UN’s International Telecommunications Union, which was just as shocked as he was. “We worked out an arrangement where we would gather the data, and they would take care of the other issues.”

Data-gathering is a technical issue, not a political one, Kaspersky said, so he could not speculate on who invented Flame, or why. But anyone and everyone is a suspect. “There are many countries with hackers and experts who are sophisticated enough to pull something like this off.”

The US, Israel, China, and Russia are on that list, but so is Romania, “which has many talented hackers.”

But even countries without a staff of their own could kidnap the scientists they need or hire “hacktivists” to do their dirty work, and there is no shortage of willing and capable people, Kaspersky said.

Still, any country thinking of stockpiling cyber-weapons of this magnitude should think twice, Kaspersky said, as they have a way of getting out of control.

“It’s like biological weapons; when you set one off in one place, it affects many others.” Cyber-weapons of the magnitude of Flame are just as destructive. “The world is just so interconnected today, and the viruses that attack one power plant put them all at risk,” Kaspersky said.

Governments must work together on measures ranging from ordering a complete rewrite of software for essential systems to protect them against attacks — “there are still many systems out there using MS-DOS,” Kaspersky said — to agreeing to pool information and act jointly when an attack occurs.

The alternative, Kaspersky said, is a world in which cyberterrorists have a free hand – something like the world in the movie Die Hard 4 (also known as Live Free or Die Hard). That movie’s plot involves hackers causing blackouts, blowing up government buildings, and trying to shut down America’s computer system.

“We at Kaspersky Labs have been aware for a long time that such a scenario was possible, but until that movie came out in 2007, we forbade anyone inside the organization from using the term ‘cyber-terrorist.’ Now that the cat is out of the bag, we routinely use that word to describe what is going on.”

He, and other researchers like him, are hard at work coming up with the solutions as the problems arise. What’s at stake, he said, is nothing less “than life as we know it today. Let’s hope and pray we can keep the cyber world safe for our kids and grandkids.”