A new “cyber-espionage” toolkit that can track browser passwords, online banking credentials, cookies and other personal data has been identified in the wild, security researchers have announced. “Gauss” has until now been targeting users in the Middle-East, Kapersky Lab reports, exploiting previously-unseen loopholes and capable of stealing data from banks including Citibank, PayPal and Bank of Beirut. Somewhat bizarrely – and still unexplained – it also installs a special font on the victim’s machine.
The purpose of that font, called Palida Narrow, is currently unknown, though the trojan’s other abilities are more concerning. Gauss can infect USB drives and monitor browsers, sucking passwords, site history and other credentials and sending them to a remote command machine. It also runs a profile on the infected machine and reports that back, including details on network interfaces, BIOS and what drives are present.
Several Lebanese banks have been specifically targeted, with customers of the Bank of Beirut, EBLF, BlomBank, ByblosBank, FransaBank and Credit Libanais all apparently susceptible. Gauss has also been seen to target users of Citibank and PayPal.
While it shares features with Stuxnet and Flame, Gauss is said to be more complex in how it can hide on a system. Although it uses similar methods to infect removable drives, it’s also capable of “disinfecting” the drive if need be, at other times using it to store data in a hidden file so that it is not discovered by regular local-drive anti-malware scans.
Approximately 2,500 machines are believed to have been infected – more than three times as many as Flame – since what’s said to have been the first victim in September 2011. It’s unclear how the trojan is communicated, and who is remotely operating it.
Gauss malware eats banking details: Flame just got hotter is written by Chris Davies & originally posted on SlashGear.
© 2005 – 2012, SlashGear. All right reserved.
It sure feels like malware on Mac computers are getting a lot of attention recently. On the eve of Mac OS X Mountain Lion’s launch, a new malware was discovered by some researchers. Known as Morcut or Crisis, this malware arrives in a file named AdobeFlashPlayer.jar. Once it infects a computer, it is said to hide a backdoor component, which opens up your Mac to others on your network; a command-and-control component, so it can accept remote instructions and adapt its behaviour; data stealing code, and more.
It used to be that we could go for months without reading about malware or viruses for Mac computers, but it certainly doesn’t seem to be the case these days. That being said, if you’re a Mac user, there is a new trojan on the loose that you might want to take note of. Discovered by the folks at 
F-Secure, an anti-virus and computer security software company, reportedly received an unsolicited email over the weekend from a purported scientist working at the Atomic Energy Organization of Iran (AEOI). The scientist told F-Secure that their Iranian nuclear systems were struck once again by another cyber attack. F-Secure notes that they cannot confirm the veracity of the email, although they can confirm that the email was sent from within the AEOI. The malware reportedly attacked and brought down the AEOI’s automation network and its Siemens hardware systems. Interestingly, the scientist also said that, for some reason, some of the AEOI’s workstations were playing 
Although some Apple enthusiasts will often say that you won’t have to worry about dealing with malware and virus threats on your Mac or iOS device, recent reports are suggesting otherwise. A user named “deesto” 
While malware is a pretty common thing nowadays, a lot of people still have no clue about it or what they can do to help get rid of it. Well it looks like Facebook is leveraging its popularity to help people with the problem. According to an official announcement by Facebook, the social network is helping out people who think their computers might be affected by malware with the introduction of its Malware Checkpoint for Facebook.
