Security researchers continually work to identify PC threats and gauge how far their infections reach, so that they can improve protection and the trustworthiness of antivirus products.
This time, the Gauss malware has caught the attention of most researchers, because it greatly increases a PC's vulnerability and the risk of losing confidential data such as bank account details, system information and owner details.
This latest threat became widely known in mid-August and is commonly described as ‘cyber-espionage’.
Its main purpose is to steal as much information as possible from PCs (especially Windows 7 32- and 64-bit and Windows 7 SP1; Mac and Linux appear to be safe), including system properties, social network information, and email and IM accounts, and to hijack banking information, including PayPal and Citibank, according to a Kaspersky Lab expert.
Gauss shares its code base, modular structure and various other traits with Flame, which was detected in May 2012. Gauss has infected thousands of PCs in the Middle East, having spread primarily in Lebanon and Iran over the last 10 months.
When Gauss infects a PC, it tries to steal browser history, cookies, saved passwords and any other crucial information that helps its operators get into your online bank accounts and steal money from them.
It sends the data collected from the user’s machine to its command-and-control (C&C) server. Below are some of the main things this threat does:
- Collecting computer network connection information
- Collecting hard drive folders and subfolders, along with their properties and other crucial details
- Collecting the PC’s hardware information such as CMOS, BIOS, RAM etc.
- Installing the custom Palida Narrow font (the reason this font is introduced is still unknown).
- Injecting an infected module into USB drives to steal more information from other computers, removable media or external hard drives, and to infect them as well.
Below is the detailed architecture showing how Gauss damages the system and steals information:
Image Credit: Securelist
How to Check for Gauss Infection?
The most common way to test whether your PC is infected by Gauss is to look for a font called ‘Palida Narrow’. However, the main purpose of this font is still unknown, according to a Kaspersky Lab expert.