A new computer virus tied to some of the most sophisticated cyberweapons thus far discovered has been found circulating in the Middle East, a Moscow-based computer security company said Thursday.
If a link were confirmed, the find would expand the electronic arsenal reportedly deployed by the U.S. and Israel against their rivals in the region.
Kaspersky Lab ZAO said in a statement that the new virus, dubbed “Gauss,” was aimed at stealing financial information from customers of a series of Lebanese banks.
The firm said that similarities in coding, structure, and operation meant it could say “with a high degree of certainty” that Gauss was related to Flame, a sophisticated piece of spyware that prompted an internet blackout across Iran’s oil industry in April, and to Stuxnet, an infrastructure-wrecking worm whose discovery revolutionized the cybersecurity field.
The statement acknowledged that much remained unclear about the virus’s capabilities — including its ultimate purpose. Kaspersky said that the virus’s command-and-control servers were shut down last month, meaning that, for the time being, “the malware is in a dormant state.”
Shares similarities with Flame
Kaspersky outlined several similarities that Gauss shared with Flame, a program that was recently discovered vacuuming information from computers in Iran.
So powerful was the spyware that in late April, Iranian officials briefly disconnected the entire country’s oil industry — including the Oil Ministry, energy rigs, and the strategic Khark Island oil terminal — in a bid to contain Flame’s data theft.
Flame, also known as Flamer or skyWIper, in turn, has been linked to Stuxnet, an ambitious program aimed at sabotaging uranium enrichment at Iranian nuclear facilities. Stuxnet’s discovery in 2010 was of particular interest to cybersecurity professionals because it interfered with the action of German-made centrifuges — the most high-profile example to date of a computer virus causing physical havoc at an industrial facility.
Recent reports in the New York Times and the Washington Post have tied both Flame and Stuxnet to a secret U.S.-Israeli program aimed at destabilizing Iran’s atomic energy program, which many Western countries believe is a cover for the development of nuclear weapons.
It isn’t exactly clear how Gauss would fit into such a program, and Kaspersky acknowledged that stealing money from banks didn’t seem like an activity state-backed actors were likely to be engaged in.
Other anti-virus firms were still digesting Gauss’s code.
“People are definitely getting excited about it because of the supposed connection to Flame and Stuxnet,” Chris Astacio, of San Diego-based Websense, said in a telephone interview. “But without looking at the binary (the raw code of the virus) we can’t really comment.”
Kaspersky said it was working with the International Telecommunication Union to notify those affected by the infection.