Stuxnet-like virus hits Lebanese banks

The Telegraph reports.

Named Gauss after an apparent reference to a German mathematician contained in its code, the virus has infected more that 2 500 computers, mainly in Lebanon, according to the Russian security firm Kaspersky Lab.

It is designed to spy on customers of the Lebanese banks BlomBank, ByblosBank and Credit Libanais, analysis showed. Citibank and PayPal customers have also been targeted, Kaspersky Lab said.

Kaspersky Lab would not speculate on who was behind Gauss, but said the virus was connected to Stuxnet and two other related cyber espionage tools, Flame and Duqu, The Guardian notes. The US department of defence declined to comment.

“After looking at Stuxnet, Duqu and Flame, we can say with a high degree of certainty that Gauss comes from the same 'factory' or 'factories,'” Kaspersky on its Web site.

“All these attack toolkits represent the high-end of nation-state-sponsored cyber-espionage and cyber war operations.”

Jeffrey Carr, an expert on cyber-warfare who runs security firm Taia Global, said the US government has long monitored Lebanese banks for clues about the activities of militant groups and drug cartels. He said Gauss was likely built by adapting technology deployed in Flame.

Several analysts said they were not surprised to hear that most of the Gauss infections were discovered in Lebanon, NBC News.com states.

“Beirut is a hot spot for the clandestine movement of money by states,” said a former US intelligence expert on money laundering who asked not to be named.