Flame I'm Gonna Live Forever

Get Scooby In The Mystery Machine: Kaspersky Lab Needs Help Decrypting Gauss

Gauss creators have good taste in fonts.
gauss Get Scooby In The Mystery Machine: Kaspersky Lab Needs Help Decrypting Gauss

Cover of Kaspersky Lab’s report on Gauss

Kaspersky Lab recently uncovered a new and sophisticated cyberweapon they dubbed Gauss. Wired reports that intrepid researchers employed by Russian billionaire and possible Batman Eugene Kaspersky need the public’s help figuring out the the malware’s mysterious payload:

The warhead gets decrypted by the malware using a key composed of configuration data from the system it’s targeting. But without knowing what systems it’s targeting or the configuration on that system, the researchers have been unable to reproduce the key to crack the encryption.

In blog post published on SecureList.com, one of Kaspersky’s experts also mentions another puzzle, the presence of “the uniquely named ‘Palida Narrow’ font” that is installed along with the malware. If you don’t have the knowledge of “cryptology, numerology and mathematics” Kaspersky seeks, investigating Palida Narrow may be for you.

Kaspersky’s ThreatPost addressed the intriguing presence of Palida Narrow in a blog entry published Friday. Dennis Fisher wrote that one intriguing theory about Palida Narrow is that it may be “a kind of brand to mark infected PCs for the command-and-control servers.”

Kaspersky Lab has published a detailed report on Gauss that gives rates of infection–from 1660 computers infected in Lebanon to 43 compromised machines in the United States–as well as fascinating but possibly useless details like the (most likely fake) names and addresses used to register domains found embedded in the malware’s code.

Call Daphne and Velma and put on your orange ascot and get out there and solve this mystery today!

Follow Steve Huff via RSS. shuff@observer.com