The New York Times: For the fourth time in three years, researchers from security vendor Kaspersky Lab have found what they believe to be a state-sponsored piece of malware. Dubbed "Gauss," the latest virus appears to have been written by the creators of Flame and to be possibly related to Stuxnet.
Gauss currently infects about 2,500 systems, primarily in Lebanon. It appears to be collecting user logins for email, IM, social networks and several banks, including the Bank of Beirut, Blom Bank, Byblos Bank, Credit Libanais, Citibank and PayPal. “We have never seen any malware target such a specific range of banks,” said Kaspersky's Costin Raiu. “Generally, cybercriminals target as many banks as possible to maximize financial profit, but this is a very focused cyberespionage campaign targeting certain users of online banking systems.”
Lebanese banks “operate much like Swiss banks” in terms of secrecy, noted Bilal Y. Saab, a Lebanon expert at the Monterey Institute of International Studies. “The United States has had a number of Lebanese banks under the microscope for a while,” he added.