Gauss: Nation-state cyber-surveillance meets banking Trojan

Jump to navigation Jump to search

(Publication) Google search: [1]

Gauss: Nation-state cyber-surveillance meets banking Trojan
Gauss Nation-state cyber-surveillance meets banking Trojan.png
Botnet Gauss, Stuxnet, Flame
Botnet/malware group
Exploit kits
Distribution vector
Operation/Working group
Date 2012 / August 09,2012
Editor/Conference Kaspersky lab
Link Nation state cyber surveillance meets banking Trojan (Archive copy)
Author GReAT


Gauss is the most recent cyber-surveillance operation in the Stuxnet, Duqu and Flame saga.

It was probably created in mid-2011 and deployed for the first time in August-September 2011. Gauss was discovered during the course of the ongoing effort initiated by the International Telecommunications Union (ITU), following the discovery of Flame. The effort is aimed at mitigating the risks posed by cyber-weapons, which is a key component in achieving the overall objective of global cyber-peace. In 140 chars or less, “Gauss is a nation state sponsored banking Trojan which carries a warhead of unknown designation”. Besides stealing various kinds of data from infected Windows machines, it also includes an unknown, encrypted payload which is activated on certain specific system configurations. Just like Duqu was based on the “Tilded” platform on which Stuxnet was developed, Gauss is based on the “Flame” platform. It shares some functionalities with Flame, such as the USB infection subroutines. In this FAQ, we answer some of the main questions about this operation. In addition to this, we are also releasing a full technical paper (HTML version and PDF version) about the malware’s functionalities.


 @misc{Lua error: Cannot create process: proc_open(/dev/null): failed to open stream: Operation not permitted2012BFR1078,
   editor = {Kaspersky lab},
   author = {GReAT},
   title = {Gauss: Nation-state cyber-surveillance meets banking Trojan},
   date = {09},
   month = Aug,
   year = {2012},
   howpublished = {\url{}},