As well as banking credentials, the information covertly harvested by Gauss includes web browsing history and passwords, and detailed technical information about the computer that could assist further attacks.
Kaspersky Lab said it was in the early stages of analysing the code and that it was also possible that Gauss is capable of sabotaging critical infrastructure. Researchers believe one module of code, named Godel after another mathematician, could be a “warhead”, able to cause real damage.
The researchers, who called for help cracking Godel and other encrypted portions of the virus, believe it was created by the same people behind a trio of advanced cyber attacks in the last two years.
Gauss shares unusual design features and elements of software code with Duqu, Flame and Stuxnet, three other espionage and sabotage viruses that researchers believe must have been created by state agencies because of their targets and the level of investment required. Kaspersky Lab said it believed all four were part of the same covert programme.
Other security researchers who have not yet analysed Gauss in detailed cautioned that it could just be the work of criminals who copied state-backed designs. Kaspersky Lab was dismissive, however.
“After looking at Stuxnet, Duqu and Flame, we can say with a high degree of certainty that Gauss comes from the same 'factory' or 'factories,'" it said.
The discovery again raises the stakes in the secret conflict being waged online. Stuxnet, discovered in 2010 and designed to disrupt Iranian nuclear enrichment, was seen as the herald of a new era of statecraft. The others were discovered later as part of an effort by the UN’s International Telecommunications Union to understand state-backed cyber attacks.
It is now known that Stuxnet was created in a joint operation called “Olympic Games” by Israeli and American agencies and personally sanctioned by President Obama, according to The New York Times.
Like Gauss, Duqu and Flame, discovered more recently, are espionage rather than sabotage tools, but all share features with Stuxnet. They are able to spread in a similar way to computers not connected to the internet via USB sticks, for instance.
Kaspersky Lab said that after it discovered Gauss in July the online systems used to remotely control it were shut down. The International Telecommunications Union said it would nevertheless issue a warning to member states to protect their systems.
