Saturday, August 11, 2012

Anti-Gauss Malware Tools

Free Gauss detection tools
Kaspersky Lab and the Laboratory of Cryptography and System Security (CrySys) at the Budapest University of Technology and Economics, both security organizations, have released online tools for Windows users that check for possible infection by Gauss, the newly revealed cyber-surveillance malware suspected to have been built by one or more governments. According to Kaspersky, this malware monitors financial transactions with Middle Eastern banks. The coding practices used in this malware are similar to those used in Flame, an advanced spying and data-stealing toolkit that targeted Iranian computers. Flame is notable for its ability to impersonate the Windows Update service as a way to infect fully updated Windows machines. Kaspersky doubts that Gauss is just a run-of-the-mill money-stealing Trojan.

Both CrySys and Kaspersky sniff out Gauss by looking for a custom-built font, dubbed "Palida Narrow," that the malware adds to infected machines. The use of this font still baffles security experts.
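The check described above, as an added example for administrators who would rather verify a host locally than use the online tools (this is not the CrySys or Kaspersky code; it assumes only the font name from the post and the standard Windows font registry key and directory):

```powershell
# Look for the "Palida Narrow" font that the post identifies as the
# indicator the CrySys and Kaspersky tools use for Gauss. Assumptions:
# the font name itself, and the standard Windows font locations.
$indicator = 'Palida Narrow'
$findings  = @()

# 1. Installed fonts are registered under this key: value name is the
#    font's display name, value data is the file name.
$fontKey  = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Fonts'
$regProps = Get-ItemProperty -Path $fontKey
foreach ($prop in $regProps.PSObject.Properties) {
    if ($prop.Name -like "*$indicator*" -or "$($prop.Value)" -like '*palida*') {
        $findings += "Registry: '$($prop.Name)' -> $($prop.Value)"
    }
}

# 2. Font files dropped into the system fonts directory.
$fontDir = Join-Path $env:SystemRoot 'Fonts'
Get-ChildItem -Path $fontDir -File -ErrorAction SilentlyContinue |
    Where-Object { $_.Name -like '*palida*' } |
    ForEach-Object {
        $findings += "File: $($_.FullName) ($($_.Length) bytes, written $($_.LastWriteTime))"
    }

# 3. Font families visible to GDI+ (catches a font loaded without a
#    registry entry, e.g. via AddFontResource).
Add-Type -AssemblyName System.Drawing
$families = (New-Object System.Drawing.Text.InstalledFontCollection).Families
foreach ($f in $families) {
    if ($f.Name -like "*$indicator*") { $findings += "Font family: $($f.Name)" }
}

# A clean result only means this one indicator is absent; it does not
# prove the host is free of Gauss. A hit warrants a full AV scan.
if ($findings.Count -eq 0) {
    Write-Output "No '$indicator' indicator found on $($env:COMPUTERNAME)."
    exit 0
}
Write-Output "Possible Gauss indicator on $($env:COMPUTERNAME):"
$findings | ForEach-Object { Write-Output "  $_" }
exit 1
```

Run it from an elevated PowerShell prompt; the non-zero exit code lets it be scheduled across a fleet and the hits collected centrally.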

The CrySys Gauss-detecting tool is available here:

http://gauss.crysys.hu/results.php

Kaspersky's Gauss sniffer can be found here:

https://www.securelist.com/en/blog/724/Online_Detection_of_Gauss

Many antivirus programs, including those from Kaspersky and Symantec, also detect Gauss through their traditional signature-based engines. So, folks, consider yourselves warned. You know what to do. Either use one or both of the tools listed above, or use the Kaspersky or Symantec antivirus products to scan your computers. Don't forget to update their signature databases before you scan.

There are still many facets of Gauss that remain mysterious, including whether it relies on one or more unpatched bugs -- "zero days" in security speak -- to compromise computers. One payload that Gauss installs is heavily encrypted, which has so far prevented security firms from analyzing it.
