Free Gauss cyber-attack Detection Tools

Palida NarrowBoth Kaspersky and CrySyS offer free Gauss online detection tools for windows users. Gauss is cyber surveillance malware that is designed to collect information about infected systems, as well as steal login credentials from banks, email, instant message accounts, and social networking sites.

Gauss is designed to collect information and send the data collected to its command-and-control servers. Information is collected using various modules, each of which has its own unique functionality:[ref]SecureList:Gauss: Abnormal Distribution. Retrieved on August 12, 2012[/ref]

    • Injecting its own modules into different browsers in order to intercept user sessions and steal passwords, cookies and browser history.
    • Collecting information about the computer’s network connections.
    • Collecting information about processes and folders.
    • Collecting information about BIOS, CMOS RAM.
    • Collecting information about local, network and removable drives.
    • Infecting USB drives with a spy module in order to steal information from other computers.
    • Installing the custom Palida Narrow font (purpose unknown).
    • Ensuring the entire toolkit’s loading and operation.
    • Interacting with the command and control server, sending the information collected to it, downloading additional modules.

    The Kaspersky Lab Global Research & Analysis Team (GReAT) white paper state that Gauss was designed for 32-bit Windows operating systems, though some modules do not work under Windows 7, SP1. There is also a separate spy module operational for USB drives that are capable of collecting information from 64-bit Windows operating systems.[ref] SecureList[[/ref] Mac and Linux users are not affected. Almost all infected users are from the Middle East with minor incidents recorded in the United States.

    Fortunately, Gauss left a calling card: Infected computers received a custom font called “Palida Narrow,” so testing for infection is as simple as finding the font. —Jared NewmanPCWorld

    Kaspersky’s sniff tool can be found here (scroll down and look for the Palida Narrow online detection results). You can also check results with CrySyS, at their font detection page here.


    Leave a reply