Security researchers at Kaspersky Lab are looking to the cryptography community for help in deciphering the Gauss trojan. Despite their best efforts, the researchers have so far been unable to crack an encrypted payload in the trojan’s “Godel” module; they hope that members of the cryptology and mathematics communities will be able to extract the hidden payload.
The Gauss trojan spreads via USB drives and infects systems using the well-known LNK exploit. These infected drives include two files – “System32.dat” and “System32.bin” – which are 32- and 64-bit versions of the same code which includes several encrypted sections. Once executed, the trojan first gathers information about the victim’s system including running processes, drives and network shares, and save them to another file on the drive named “.thumbs.db”, after which other modules are launched. [More…]