{"id":74740,"date":"2012-08-20T16:03:51","date_gmt":"2012-08-20T10:33:51","guid":{"rendered":"https:\/\/blogs.quickheal.com\/?p=74740"},"modified":"2012-08-20T16:03:51","modified_gmt":"2012-08-20T10:33:51","slug":"gauss-malware-updated-version-of-stuxnet","status":"publish","type":"post","link":"https:\/\/www.quickheal.com\/blogs\/gauss-malware-updated-version-of-stuxnet\/","title":{"rendered":"Gauss Malware &#8211; Updated version of Stuxnet"},"content":{"rendered":"<p>Gauss is a highly complex and sophisticated online banking malware that belongs to the same family as Flame, Duqu and Stuxnet. Gauss seems to be an updated version of the Stuxnet malware. The characteristics these malware families share are as follows:<\/p>\n<ul>\n<li>Use of the same encryption method (XOR)<\/li>\n<li>Command and control (C&amp;C) servers<\/li>\n<li>Exploitation of the .LNK vulnerability<\/li>\n<li>Use of USB drives as a storage medium for stolen data<\/li>\n<li>Designed to steal browser cookies<\/li>\n<\/ul>\n<p>The primary focus of Gauss is to steal browser passwords, online banking account credentials and machine information from infected systems. Gauss infects 32-bit Windows machines, but it also contains a separate module for USB drives that can collect information from 64-bit Windows systems as well. Gauss has the ability to infect USB thumb drives with a data-stealing component that exploits the same .LNK vulnerability that was targeted by Stuxnet and Flame. Gauss is also capable of disinfecting the drive under certain circumstances, and it uses the removable media to store the collected information in a cleverly hidden file.<\/p>\n<p>Additionally, Gauss installs a font called &#8216;Palida Narrow&#8217;. This font file does not contain any malicious code. However, it can be used as a marker. 
This means that an attacker can remotely check whether a system is infected by testing whether this font is installed. Gauss uses several other plugins to collect information from the infected computer.<\/p>\n<p>After execution it drops the following files:<\/p>\n<ul>\n<li>System32\\devwiz.ocx<\/li>\n<li>System32\\dskapi.ocx<\/li>\n<li>System32\\lanhlp32.ocx<\/li>\n<li>System32\\mcdmn.ocx<\/li>\n<li>System32\\smdk.ocx<\/li>\n<li>System32\\windig.ocx<\/li>\n<li>System32\\winshell.ocx<\/li>\n<li>Windows\\fonts\\pldnrfn.ttf<\/li>\n<\/ul>\n<p>It modifies or creates the following registry entry:<\/p>\n<p><em>HKLM\\Software\\Microsoft\\Windows NT\\CurrentVersion\\Fonts<\/em><br \/>\n<em>Palida Narrow (TrueType) = pldnrfn.ttf<\/em><\/p>\n<p><a href=\"https:\/\/www.quickheal.com\/\">Quick Heal<\/a> successfully detects the files related to the Gauss malware. It is also recommended to keep your operating system updated and to apply all the necessary security patches provided by Microsoft.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Gauss is a highly complex and sophisticated online banking malware that belongs to the same family as Flame, Duqu and Stuxnet. Gauss seems to be an updated version of the Stuxnet malware. 
The characteristics these malware families share are as follows: Use of the same encryption method (XOR) Command and control (C&amp;C) servers Exploitation of the .LNK vulnerability Use of USB drives as a storage [&hellip;]<\/p>\n","protected":false},"author":22,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[164,24,4,36],"tags":[195,138,49,47,37,169,139,38],"class_list":["post-74740","post","type-post","status-publish","format-standard","hentry","category-cyber-crime","category-malware","category-news","category-security-patch","tag-duqu","tag-flamer","tag-malware","tag-security","tag-security-update","tag-spyware","tag-stuxnet","tag-vulnerability"],"aioseo_notices":[],"_links":{"self":[{"href":"https:\/\/www.quickheal.com\/blogs\/wp-json\/wp\/v2\/posts\/74740"}],"collection":[{"href":"https:\/\/www.quickheal.com\/blogs\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.quickheal.com\/blogs\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.quickheal.com\/blogs\/wp-json\/wp\/v2\/users\/22"}],"replies":[{"embeddable":true,"href":"https:\/\/www.quickheal.com\/blogs\/wp-json\/wp\/v2\/comments?post=74740"}],"version-history":[{"count":0,"href":"https:\/\/www.quickheal.com\/blogs\/wp-json\/wp\/v2\/posts\/74740\/revisions"}],"wp:attachment":[{"href":"https:\/\/www.quickheal.com\/blogs\/wp-json\/wp\/v2\/media?parent=74740"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.quickheal.com\/blogs\/wp-json\/wp\/v2\/categories?post=74740"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.quickheal.com\/blogs\/wp-json\/wp\/v2\/tags?post=74740"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}