Step 1: Example of a Global Virus (Olly)

Gauss Virus

The gauss virus is a computer-oriented virus that is able to monitor, track and record banking transactions as well as stealing login information from browsers, cookies and network information. The gauss virus, like any computer virus, is able to replicate itself and spread from computer to computer.

It was discovered by Kaspersky Lab in Moscow. Kaspersky Lab is a computer security firm that tracked the virus and found that it is stealing the data from the citizens of the Middle East. The virus has so far targeted Blombank, Byblos Bank and Credit Libansis, all banks based in Lebanon, spying on the transfers between the bank and their customer. The Lab has confirmed that the Gauss Virus is related to a previous United Nations created to reduce the global impact of cyber weapons.

The Trojan sits quietly inside the computer recording keystrokes and scanning software for any username and password details. This data is then recorded back to the person/persons/organization that sent the Trojan. It is not known how the gauss virus was internally sent to the Middle East. However, Trojans can be sent in almost any file type.

The virus is able to infect more than just computer systems; it is able to find information from hard drives and USB drives, record and store data temporarily in hidden files until the data is needed or available again.

"Virus Seeking Bank Data Is Tied to Attack on Iran." Bits Virus Seeking Bank Data Is Tied to Attack on Iran Comments. N.p., n.d. Web. 12 Dec. 2012.

Step 2: IT Background - how does it work?

  1. The creator imbeds the code for the Trojan inside a file such as a .jpeg
    1. The hacker must scan computers looking for security ports to exploit and infiltrate.
  2. The file is then sent to many hosts, possibly via a list server or randomly messaging people on an instant messaging server.
  3. When the instant message has arrived and if the victim clicks, it downloads but an error message appears. (The person sending the file is able to resend a file with the exact same title and size, but without the virus attached reducing suspicion of the user)
  4. Subsequently, the user does not realize the Trojan has just been downloaded into their computer because it is a silent virus.
  5. The Trojan sits on the host computer logging keystrokes, scanning cookies in browsers, searching software and hardware for any data bytes affiliated with usernames and passwords.
  6. A Trojan also allows a hacker complete control over the host computer. E.g. the hacker is able to watch the users screen, modify or delete files, crash the computer, and even control the input and output devices.

"Gauss Malware: What You Need to Know." PCWorld. N.p., n.d. Web. 12 Dec. 2012.

Who are the stakeholders? How are they affected?

  • Blombank, Byblos Bank and Credit Libansis. The banks who are targeted by the Gauss Virus. The banks lose credibility for being able to secure their customers banking data as well as their banking records, and therefore people may wish to stop using those particular banks.

  • The banking credentials of the users who are targeted by the Gauss virus. Their money has the potential to be redirected during transfers as well as accounts to be drained.

  • The peoples whose login and passwords are being recorded. Their private data is now to be accessed by the person/people who now have their emails and passwords, without their knowledge of someone even having their details.

  • The United States Government. The Lebanese government believes that the US government created the virus because of the banking secrecy laws in Lebanon. Also because the US treasury has been trying to freeze the money of Hezbollah.



What were the short-term problems/consequences?

As far as the banks affected know, there have been no loss of funds in anyone’s account that would depict cyber theft. However, it has only been 4 months since the attack and with the amount of information gauss found it may be data mining to find the best accounts to attack. Blom Bank believes that it was impossible for any of its customers to have lost any money because they have a double authentication login where a one time use only four digit code is sent to the customers mobile phone.

As a result of the attack, the “US government”, is now able to view any transactions between the banks infected and any person/organization/government. They are also able to control any transaction they would like to.

Are there any longer term impacts?

The Lebanese and US government relations are definitely going to be affected by the gauss virus. This is a consequence of speculation by the Lebanese government believing that it was the US government that infected the banks computers, not only because of their secrecy laws, but also because they had a similar cyber attack on Iran in June.

"Gauss Virus Can Spy on Bank Transactions, Steal Social Networking and Email Passwords." Http:ibnlive.in.com///. N.p., n.d. Web. 12 Dec. 2012.

Step 4: Possible Solutions

  • Please describe one technical and one non-technical solution to the Internet threat. Evaluate each. Compare each and then decide which is better.

    A way to prevent the Gauss Virus from infecting a computer is to install an amazing antivirus program that runs against the gauss virus. By doing this the user can be ensured that their computer is protected and therefore they are able to perform tasks like social networking, email and internet banking without the risk of identity theft or theft in general.

    Another way to prevent the gauss virus from infecting a server or computer is to remove all ports in general and only have a network connection that connects the server to controller in another location. The gauss virus can be brought into a network via USB, even without the USB owner knowing about the virus. The virus can sit on the USB and infect any node it is plugged into. Then put the server in a bunker that is physically secure. This makes sure that the gauss virus is unable to be put directly into the servers.


    In terms of practicality and time the antivirus software may be a better option because it is faster to put together. It can also be done at home on a person’s computer and would be much more affordable to an individual. However developing antivirus software that fights against a virus as feared as the gauss virus is very hard. Another problem with the antivirus software is that virus’s are ever changing and it needs to be updated over and over again, where as the bunker with no ports is extremely secure and much harder to break into. But when referring to individual nodes the bunker is not a better option because it is impossible to work a home computer without any ports.

    In an overall comparison, the antivirus software would be a much more effective solution because it can help the greater population as well as big banks fight against the gauss virus.



Please acknowledge your sources by linking throughout the document