Sunday, August 12, 2012

GAUSS – Flame's cousin combined with an e-banking credential stealer

Kaspersky Labs announced on finding a new family of malware which they named Gauss.

The discovered code is similar to flame by many means, most importantly by using modular execution scheme which is much uncommon for a standard virus. Furthermore, they pointed out similarities in code and general behaiour such as encryption type.
As its predecessor, it has several functionalities or modules which was named by its creators after famous mathematicians: Guass, Lagrange, Godel and several others. A difference in behavior is the fact that apperantley, its code is not achieving persistence (adding itself to windows startup and do not propogate throughout the network), and as expected – it is configured to contact C&C servers and feeding them with the collected information on the machine and connected network.
A new record for such a malware is the addition of e-banking credential sniffer, directed on several Lebanease banks and some major retail and e-commerce sites. The sniffing is implemented via browser injection and cookie stealing.
Some important portions of its functionality is still uncharted – the first example is a TrueType font file named Palida Narrow which is added to the attacked system without any apparent reason and another is a large chunk of code that is encrypted and Kaspersky Labs have pleaded for external help on cracking it. Those obscurities have already sparked a wide debate in the appropriate circles.


Blizzard's gaming server has been hacked

Blizzard, the dominant role in on-line gaming, known for World of Warcraft franchise, amongst others, announced today that they gaming servers - battle.net has been compromised, no further details are released on the matter at the moment.

[QUOTE from http://us.blizzard.com/en-us/securityupdate.html:]

Some data was illegally accessed, including a list of email addresses for global Battle.net users, outside of China. For players on North American servers (which generally includes players from North America, Latin America, Australia, New Zealand, and Southeast Asia) the answer to the personal security question, and information relating to Mobile and Dial-In Authenticators were also accessed. Based on what we currently know, this information alone is NOT enough for anyone to gain access to Battle.net accounts.

Rough estimation of total users affected: more than 12 Million.