Appeal for help to break open hidden scrambled payload

John Leyden, *The Register*, 14 August 2012

Antivirus experts have called on cryptographers and other clever bods for help after admitting they are no closer to figuring out the main purpose of the newly discovered Gauss supervirus.

While it's known that the complex malware features many information-stealing capabilities, with a specific focus on capturing website passwords, online banking account credentials and system configuration data from infected machines, the content of the virus's encrypted payload is still a mystery.

Kaspersky Lab had tracked Gauss for weeks before announcing its discovery last week. Antivirus experts at the security biz and elsewhere have been burning the midnight oil in the days since, and although progress has been made - for example in analysing its architecture [1], unique modules and communication methods - the payload encryption is unbroken.

Researchers reckon the hidden binary blob, when decrypted and executed, looks for a program specifically named using an extended character set, such as Arabic or Hebrew. What that program might be remains unclear as long as the encryption remains unbroken.

The general consensus among security experts is that Gauss - like Flame, Duqu and Stuxnet before it - is a nation-state sponsored cyber-espionage toolkit, quite possibly built from the same components as Flame.

...

http://www.theregister.co.uk/2012/08/14/gauss_mystery_payload/

[One of my colleagues suggests that unraveling the hidden payload would require breaking some serious crypto, and that someone successfully doing so might not be in a position to want to claim success. But RISKS awaits any further news on this topic. PGN]

------------------------------