Stuxnet's command and control. (Krebs On Security)

In Stephen King's apocalyptic horror novel The Stand, a government-created virus escapes into the wild and kills most of the people on Earth. About two years ago, a similar scenario almost came true--but, fortunately for living creatures the bug was the U.S.-and-Israeli-made Stuxnet malware. The unintended victim was Chevron's computer network.

Stuxnet was the highly sophisticated worm that successfully infiltrated Iran's nuclear enrichment plants in 2010. According to The Wall Street Journal, Stuxnet wasted no time infecting friends as well as foes:

Chevron found Stuxnet in its systems after the malware was first reported in July 2010, said Mark Koelmel, general manager of the earth sciences department at Chevron. “I don’t think the U.S. government even realized how far it had spread,” he told CIO Journal. “I think the downside of what they did is going to be far worse than what they actually accomplished,” he said.

As the WSJ’s Rachael King notes, Chevron's Stuxnet infection was apparently unintentional, "much like an experimental virus escaping from a medical lab."

It might be premature to say Stuxnet was the cyberweapon equivalent of Stephen King’s fictional Captain Trips virus, since it seems Chevron wasn’t too badly damaged by the infection. But we wouldn't be surprised if someone were already using that code name for something still in development.

Cover of Kaspersky Lab's report on Gauss

Kaspersky Lab recently uncovered a new and sophisticated cyberweapon they dubbed Gauss. Wired reports that intrepid researchers employed by Russian billionaire and possible Batman Eugene Kaspersky need the public's help figuring out the the malware's mysterious payload:

The warhead gets decrypted by the malware using a key composed of configuration data from the system it’s targeting. But without knowing what systems it’s targeting or the configuration on that system, the researchers have been unable to reproduce the key to crack the encryption.

In blog post published on SecureList.com, one of Kaspersky's experts also mentions another puzzle, the presence of "the uniquely named 'Palida Narrow' font" that is installed along with the malware. If you don't have the knowledge of "cryptology, numerology and mathematics" Kaspersky seeks, investigating Palida Narrow may be for you.

Kaspersky's ThreatPost addressed the intriguing presence of Palida Narrow in a blog entry published Friday. Dennis Fisher wrote that one intriguing theory about Palida Narrow is that it may be "a kind of brand to mark infected PCs for the command-and-control servers."

Kaspersky Lab has published a detailed report on Gauss that gives rates of infection--from 1660 computers infected in Lebanon to 43 compromised machines in the United States--as well as fascinating but possibly useless details like the (most likely fake) names and addresses used to register domains found embedded in the malware's code.

Call Daphne and Velma and put on your orange ascot and get out there and solve this mystery today!

Mr. Kaspersky not looking supervillain-like at all. (Photo: flickr.com/cebitaus)

Eugene Kaspersky's security researchers at Kaspersky Lab have sleuthed out a new "cyber-espionage weapon." The Russian supervillain's (or awesomely cool billionaire, depending on your point of view) labs say this weapon has nearly as cool a name as previously discovered cyber worms Flame and Duqu--"Gauss." It also has a specific and potentially telling target: Lebanese lending institutions. Bloomberg tells us more:

"Similar to Flame and Duqu, another cyber-espionage weapon, Gauss is a complex cyber-expionage toolkit, with its design emphasizing stealth and secrecy," Alexander Gostev, Kaspersky's chief security specialist, said in the statement. "However its purpose is different. Gauss targets multiple users in select countries to steal large amounts of data, with a specific focus on banking and financial information.'

Officials at one of the targeted institutions would only admit to Bloomberg that they were aware of the worm.

Kaspersky Lab's blog post about the threat gives a timeline detailing Gauss's life and the timing of its discovery, which Kaspersky writes "was made possible due to strong resemblances and correlations between Flame and Gauss."

Could it be Gauss, like Flame, was made in the USA? Maybe we'll find out if America's cyber weapons gurus are still leaking like a watering can.

Sorry, we can't help ourselves. (http://commons.wikimedia.org/)

Could the Flame malware infection be any more straight out of a spy movie? Answer: nope. Ars Technica reports that attackers have now issued a "suicide" command to the infected computers, thereby essentially scrubbing its tracks.

Discovered by Kaspersky Lab, the malware has made headlines because of the eye-catching little detail that, at 20 megabytes, it's much bigger than the dreaded Stuxnet and designed to collect dirt on the user of the infected machine. That said, it's not a particularly far-reaching infection, targeting largely computers in the Middle East, including Iran. Unsurprisingly, it's thought to be nation-state designed, rather than the work of cyber criminals. Cyber criminals can probably jack your password without designing something that big. 

Symantec researchers broke it down (in a post dramatically named "Flamer: Urgent Suicide"):

Late last week, some Flamer command-and-control (C&C) servers sent an updated command to several compromised computers. This command was designed to completely remove Flamer from the compromised computer. The Flamer attackers were still in control of at least a few C&C servers, which allowed them to communicate with a specific set of compromised computers.

Ars Technica interprets:

As a result, the compromised computers in the honeypot [deliberately infected computers, used to study things like Flame] deleted at least 163 files and four folders belonging to the sprawling set of modular code. The self-destruct mechanism then overwrote the disk with random characters to prevent researchers from studying the files.

Maybe everyone's gotten in wrong and Flame is an incredibly sophisticated viral marketing campaign for an upcoming Tom Clancy novel. Hey, it could happen.