Lebanese banks infected by 'Gauss' virus

  • Share via facebook
  • Tweet this
  • Bookmark and Share
(Image for illustrative purposes)

(Image for illustrative purposes)

Several Lebanese banks were targeted by a sophisticated new virus capable of stealing financial data, researchers say, with evidence suggesting the cyber attack may have been state-backed.

According to Kasperky Lab, which discovered the attack it dubbed ‘Gauss’, the virus was based on the same platform as Stuxnet, a cyber weapon that attacked Iranian nuclear infrastructure in 2010, and cyber espionage tools Duqu and Flame.

“We’re talking here about Bank of Beirut, Blom Bank, Byblos Bank, Credit Libinais - most of them are banks that are based in Lebanon,” Stefan Tanase, a senior security researcher for Kaspersky Lab based in Moscow, told Arabian Business.

He added that systems belonging to Citibank and online payments firm Paypal had also been infected.

Tanase said that the virus, which is spread via USB drives, was designed to monitor financial transactions and emails and had so far infected around 1,600 computers in the Levant country. He said that researchers had so far not seen evidence to suggest other machines in other countries in the region had been infected.

“The likely case is that [the attacker] is monitoring transaction flows to gather intelligence about their victims,” Tanase said, adding that the virus could be used by “a nation state operation that is financing itself by stealing money from the victims,” but he thought this was unlikely.

Kaspersky Lab refused to speculate on who might be behind the attack, but said that the complexity of Gauss’s code and its shared characteristics with Stuxnet, Duqu and Flame strongly suggested the attack was state-sponsored.

Tanase said that Gauss contained a heavily encrypted payload which would only be triggered when the virus infected a specific machine.

Stuxnet, which also spread via USB drives, had a similarly encrypted module that was only triggered when it infected centrifuges at Iran’s uranium enrichment facility in Natanz. Stuxnet was designed to cause nuclear centrifuges to spin out of control and eventually break, but the plant’s operators discovered the attack before this could occur.

Kasperky Lab’s Tanase said that the security firm had seen the type of encryption used in Gauss before and was hopeful that the company could decrypt the mystery module within a few weeks.

Bank of Beirut, Blom Bank, Byblos Bank, Credit Libinais, Citigroup and Paypal did not immediately response to Arabian Business's request for comment.

Join the Discussion

Disclaimer:The view expressed here by our readers are not necessarily shared by Arabian Business, its employees, sponsors or its advertisers.

Please post responsibly. Commenter Rules

Posted by: socalmonk

Kaspersky Labs may have declined to speculate openly about which state or states might be the origin of this new cyber attack, but I have no doubts, and will be more than happy to call out Israel and the United States, the two nations already most responsible for the instability that plagues the Middle East. Had another nation done this to Israel or the U.S. it would be cause for military action. This cyber-warfare against non-aligned nations has got to stop.

Enter the words above: Enter the numbers you hear:

All comments are subject to approval before appearing

Further reading

Features & Analysis
The politics of big data

The politics of big data

The UAE may be one of the fastest adopters of e-government initiatives...

Gateway to a new era

Gateway to a new era

Could Telr be the answer to start-ups’ prayers? The new three...

7 of the best accounting apps

7 of the best accounting apps

Tamara Pupic tracks down some of the best accounting apps on...

Most Discussed
  • 23
    World's most pierced man refused entry to the UAE

    Tolerance has its limits everywhere including Dubai and those who considered Dubai a lawless circus were held accountable...so thank you Dubai authorities... more

    Thursday, 21 August 2014 10:51 PM - Khalil
  • 17
    UK looks to close tax loophole on expat landlords

    UK taxes too much and too complicated and time taking and confusing and continuous. Returns, lawyers, HMRC, taxes too much for too little. Not worth the... more

    Sunday, 17 August 2014 12:40 PM - AbdolRahman
  • 16
    Baby NOT on board?

    The people commenting here were all 20 years old when they were born, never cried, never screamed and never ran etc etc.

    Thursday, 21 August 2014 8:30 AM - Amer