Can YOU crack the Gauss uber-virus encryption?

Monty Solomon monty at
Mon Sep 3 16:52:17 PDT 2012

Appeal for help to break open hidden scrambled payload

John Leyden, *The Register*, 14 August 2012

Antivirus experts have called on cryptographers and other clever bods for
help after admitting they are no closer to figuring out the main purpose of
the newly discovered Gauss supervirus.

While it's known that the complex malware features many information-stealing
capabilities, with a specific focus on capturing website passwords, online
banking account credentials and system configuration data from infected
machines, the content of the virus's encrypted payload is still a mystery.

Kaspersky Lab had tracked Gauss for weeks before announcing its discovery
last week. Antivirus experts at the security biz and elsewhere have been
burning the midnight oil in the days since, and although progress has been
made - for example in analysing its architecture [1], unique modules and
communication methods - the payload encryption is unbroken.

Researchers reckon the hidden binary blob, when decrypted and executed,
looks for a program specifically named using an extended character set, such
as Arabic or Hebrew. What that program might be remains unclear as long as
the encryption remains unbroken.

The general consensus among security experts is that Gauss - like Flame, Duqu
and Stuxnet before it - is a nation-state sponsored cyber-espionage toolkit,
quite possibly built from the same components as Flame. ...

  [One of my colleagues suggests that unraveling the hidden payload would
  require breaking some serious crypto, and that someone successfully doing
  so might not be in a position to want to claim success.  But RISKS awaits
  any further news on this topic.  PGN]


