Gauss

Posted: August 10, 2012

Threat Metric

Threat Level: 8/10
Infected PCs: 71
First Seen: August 11, 2012
OS(es) Affected: Windows

Gauss is an advanced form of spyware that, due to structural similarities to such advanced PC threats as Flame and Stuxnet, has been labeled as a probable government-issued sabotage and espionage tool, rather than a common thief of personal bank accounts and other such profitable details. Although no stolen accounts have been reported from Gauss attacks, Gauss nonetheless contains features that allow it to access confidential bank information, particularly for Middle Eastern victims. Potential Gauss infections should be considered especially by PC users who work with government or company-secured computers that don't have Internet access, since SpywareRemove.com malware analysts have noted that Gauss includes a USB-based component explicitly to compromise such closed-off systems. As would be expected for such high-end malware, Gauss doesn't show symptoms while it monitors your personal information, and it is likely to include additional types of security-compromising attacks.

Gauss: a Potential Government Sponsorship of PC Security Assaults

Gauss is a multiple-component PC threat similar to the Flame worm, and, like Flame, it includes capabilities that allow it to spread through USB flash drives. Ensuring that a USB device is uninfected before allowing it to come into contact with another PC should be considered critical for containing a Gauss infection, which will install itself automatically (a tactic that SpywareRemove.com malware experts have found to be typical of worms) once the device is plugged into a new computer.

Gauss's distribution is centered on Iran and neighboring regions of the Middle East, although Gauss's information-stealing functions can target such widely used online services as PayPal and the CitiBank website. Somewhat unusually for spyware with Gauss's capabilities, there are no confirmed reports of actual account theft or other compromises, which has caused many PC security companies to speculate that Gauss is a case of government espionage and passive revenue monitoring, rather than theft. In basic design and overall capabilities, Gauss is reminiscent of similar PC threats (such as Flame and Stuxnet) that are suspected to be designed by Israeli or United States-sponsored coder teams.

The Challenge in Plumbing Gauss's Depths

Gauss, whose primary module was named after a famous German mathematician, is opaque to casual inspection and uses advanced encryption techniques to conceal its payload. As a result, SpywareRemove.com malware experts are, at this time, unable to recount a full list of Gauss's other functions, although they note that similar PC threats, such as Stuxnet, have been used for industrial sabotage efforts that can cause significant damage to infected computers.

Users of Lebanese banks should also consider themselves at risk for Gauss infections, a targeting preference that's likely to be related to these institutions' involvement in recent Syrian unrest. Under normal circumstances, casual PC users shouldn't be in much danger of suffering attacks by Gauss, although SpywareRemove.com malware experts still rank Gauss as a high-level security risk that should be removed by dependable anti-malware software as required.
