The cyber worm Gauss, designed to steal sensitive data in the Middle East, was found as experts try to mitigate web risks following the discovery of the Flame virus in May, Kaspersky Lab said.
Gauss, while similar to Flame, seems to have a different target, Kaspersky said on its website. Gauss focuses on Lebanon, its banks in particular, while Flame primarily infected computers in Iran, according to the Moscow-based information- technology security company.
An analysis of the new malicious software shows it was designed to steal data from Lebanese lenders including the Bank of Beirut (BOB), BomBank and Byblos Bank, Kaspersky said. Gauss has infected 2,500 machines, while Flame hit about 700.
“Similar to Flame and Duqu, another cyber-espionage weapon, Gauss is a complex cyber-expionage toolkit, with its design emphasizing stealth and secrecy,” Alexander Gostev, Kaspersky’s chief security specialist, said in the statement. “However its purpose is different. Gauss targets multiple users in select countries to steal large amounts of data, with a specific focus on banking and financial information.”
An official at Byblos Bank (BYB), speaking anonymously as she wasn’t authorized to talk about the matter, said the Beirut- based lender was aware of the issue. She declined to give further information.
To contact the reporters on this story: Gwen Ackerman in Jerusalem at firstname.lastname@example.org; Zainab Fattah in Dubai at email@example.com
To contact the editor responsible for this story: Andrew J. Barden at firstname.lastname@example.org