Kaspersky Lab confirms that Wiper was responsible for the attacks launched on computer systems in Western Asia between April 21 and 30, 2012. Analysis of the hard disk images of the computers destroyed by Wiper revealed a specific data-wiping pattern together with a malware component name beginning with ~D. These findings are reminiscent of Duqu and Stuxnet, which also used filenames beginning with ~D and were both built on the same attack platform, known as Tilded. Kaspersky Lab began searching for other files starting with ~D via the Kaspersky Security Network (KSN) to try to find additional Wiper files based on the connection with the Tilded platform. During this process Kaspersky Lab identified a significant number of files in Western Asia named ~DEB93D.tmp. Further analysis showed that this file was actually part of a different type of malware: Flame. This is how Kaspersky Lab discovered Flame. Despite Flame being discovered during the search for Wiper, Kaspersky Lab’s research team believes Wiper and Flame are two separate and distinct malicious programs. Although Kaspersky Lab analyzed traces of the Wiper infection, the malware itself remains unknown because no additional wiping incidents following the same pattern have occurred, and no detections of the malware have appeared in Kaspersky Lab’s proactive protection. Wiper was extremely effective and could spark others to create new, “copycat” types of destructive malware, such as Shamoon.
Kaspersky Lab Publishes New Research about Wiper, the Destructive Malware Targeting Computer Systems In April 2012 – Dark Reading
Gauss, a new “cyber-espionage toolkit,” has emerged in the Middle East and is capable of stealing sensitive data such as browser passwords, online banking account credentials, cookies and system configurations, according to Kaspersky Lab. Gauss appears to have come from the same nation-state factories that produced Stuxnet.
According to Kaspersky, Gauss has unique characteristics relative to other malware. Kaspersky said it found Gauss following the discovery of Flame. The International Telecommunications Union has started an effort to identify emerging cyberthreats and mitigate them before they spread.
A new cyber surveillance virus has been found in the Middle East that can spy on financial transactions, email and social networking activity, according to a leading computer security firm, Kaspersky Lab.
Dubbed Gauss, the virus may also be capable of attacking critical infrastructure and was built in the same laboratories as Stuxnet, the computer worm widely believed to have been used by the United States and Israel to attack Iran’s nuclear program, Kaspersky Lab said on Thursday.
The Moscow-based firm said it found Gauss had infected personal computers in Lebanon, Israel and the Palestinian Territories. It declined to speculate on who was behind the virus but said it was related to Stuxnet and two other cyber espionage tools, Flame and Duqu.
“After looking at Stuxnet, Duqu and Flame, we can say with a high degree of certainty that Gauss comes from the same ‘factory’ or ‘factories,’” Kaspersky Lab said in a posting on its website. “All these attack toolkits represent the high end of nation-state-sponsored cyber-espionage and cyber war operations.”
A little more than a week after researchers at Kaspersky Lab discovered one of the “most sophisticated” viruses to date, the authors have sent it a “suicide code” so that it will self-destruct on certain infected computers, according to Symantec, which caught the command while monitoring booby-trapped computers.
The malware, called Flame, is a highly complex malicious tool that has actively targeted computers in the Middle East. The authors are now using what control they have of the virus to force it to self-terminate almost completely without a trace.
Flame was discovered after the UN’s telecoms arm reached out to security firms last month for help identifying a virus stealing data from many Middle Eastern computers.
After uncovering the malware, Kaspersky Lab, with the assistance of GoDaddy.com and OpenDNS, attempted to take down the virus. But that move only had limited success, Symantec noted, stating that Flame’s authors still had control of a few command and control servers.
A massive, highly sophisticated piece of malware has been newly found infecting systems in Iran and elsewhere and is believed to be part of a well-coordinated, ongoing, state-run cyberespionage operation.
The malware, discovered by Russia-based antivirus firm Kaspersky Lab, is an espionage toolkit that has been infecting targeted systems in Iran, Lebanon, Syria, Sudan, the Israeli Occupied Territories and other countries in the Middle East and North Africa for at least two years.