Equation: The Death Star of Malware Galaxy

The Equation group is a highly sophisticated threat actor that has been engaged in multiple CNE (computer network exploitation) operations dating back to 2001, and perhaps as early as 1996. It is probably one of the most sophisticated cyber attack groups in the world.

What was that Wiper thing?

In April 2012, several stories were published about a mysterious malware attack shutting down computer systems at businesses throughout Iran. Several articles mentioned that a virus named Wiper was responsible. Yet, no samples were available from these attacks, causing many…

The Mystery of the Encrypted Gauss Payload

There are many remaining mysteries in the Gauss and Flame stories. For instance, how do people get infected with the malware? Or, what is the purpose of the uniquely named “Palida Narrow” font that Gauss installs? Perhaps the most interesting mystery is Gauss’ encrypted warhead. Gauss contains a module named “UsbDisk” that carries an encrypted payload. The malware tries to decrypt this payload using several strings taken from the infected system and, only upon success, executes it; without the exact strings from the intended target, the payload cannot be recovered. Despite our best efforts, we were unable to break the encryption. So today we are presenting all the available information about the payload in the hope that someone can find a solution and unlock its secrets. We are asking anyone interested in cryptology and mathematics to join us in solving the mystery and extracting the hidden payload.
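To make concrete why a payload keyed to strings from the victim machine is so hard to open, here is an added illustration of the general technique (environment-keyed encryption), written for this page and not taken from Gauss or from the Kaspersky analysis. The salt, round count, hash-based keystream and the candidate strings are all constructed for the example; the post does not disclose Gauss' real algorithm or parameters.

```python
import hashlib
from typing import Iterable, Optional, Tuple

# Constructed values for this illustration only; they are NOT Gauss' real
# salt, round count or cipher, none of which the post above discloses.
SALT = b"illustrative-salt"
ROUNDS = 10_000


def derive_key(system_string: str, salt: bytes = SALT, rounds: int = ROUNDS) -> bytes:
    """Derive a 32-byte key from a string found on the victim (e.g. a
    directory name). Iterated hashing makes each candidate guess cost
    ROUNDS hash operations, which is what makes offline guessing expensive."""
    digest = hashlib.sha256(salt + system_string.encode("utf-16-le")).digest()
    for _ in range(rounds - 1):
        digest = hashlib.sha256(digest + salt).digest()
    return digest


def keystream(key: bytes, length: int) -> bytes:
    """Counter-mode keystream built from SHA-256, a stand-in for whatever
    stream cipher a real packer would use."""
    out = bytearray()
    counter = 0
    while len(out) < length:
        out += hashlib.sha256(key + counter.to_bytes(4, "little")).digest()
        counter += 1
    return bytes(out[:length])


def xor_bytes(data: bytes, pad: bytes) -> bytes:
    return bytes(a ^ b for a, b in zip(data, pad))


def seal_payload(system_string: str, plaintext: bytes) -> Tuple[bytes, bytes]:
    """Packer side: encrypt the payload under the environment-derived key and
    store only a hash of that key, so the carrier can recognise the right
    target without revealing the key itself."""
    key = derive_key(system_string)
    check = hashlib.sha256(key + b"check").digest()
    return check, xor_bytes(plaintext, keystream(key, len(plaintext)))


def try_unlock(candidates: Iterable[str], check: bytes, ciphertext: bytes) -> Optional[bytes]:
    """Carrier side, and also the analyst's only option: try every string
    harvested from the system, accept the first whose derived key matches the
    stored hash, and return the decrypted payload (None if nothing matches)."""
    for cand in candidates:
        key = derive_key(cand)
        if hashlib.sha256(key + b"check").digest() == check:
            return xor_bytes(ciphertext, keystream(key, len(ciphertext)))
    return None


if __name__ == "__main__":
    # Constructed sample: the "target" is identified by a directory name that
    # only the intended victim has, and the payload is a placeholder string.
    check, ct = seal_payload("Hawaii Resort", b"<hidden payload>")
    # An analyst who only has strings from a generic Windows box gets nothing.
    print(try_unlock(["Program Files", "Common Files"], check, ct))
    # Only a candidate list containing the target's string opens it.
    print(try_unlock(["Program Files", "Hawaii Resort"], check, ct))
```

The validation hash tells the carrier (and an analyst) whether a guess was right, but gives away nothing about the string itself; every wrong candidate costs the full derivation, so recovering the payload reduces to guessing the exact environment strings of the intended target. That is why the authors above could publish everything they had and still ask for help.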

Online detection of Gauss

After the publication of our whitepaper about the Gauss cyber-attack, we have been asked whether there is an easy way for users to check their systems for infection. The most reliable way is, of course, to download and install our antivirus solution, but for those who need to double-check, or who for some reason cannot download the full antivirus package, we offer a quick and easy way to check for the presence of a Gauss component.

Gauss: Nation-state cyber-surveillance meets banking Trojan

Gauss is the most recent cyber-surveillance operation in the Stuxnet, Duqu and Flame saga. It was probably created in mid-2011 and deployed for the first time in August-September 2011. Gauss was discovered during the course of the ongoing effort initiated by the International Telecommunication Union (ITU) following the discovery of Flame, part of a sustained effort to mitigate the risk posed by cyber-weapons.