From the article: "... the installation of a special font called Palida Narrow, and the purpose of this action is still unknown."
Would this perhaps be a tracking ability, as described at https://panopticlick.eff.org (specifically, the list of "System Fonts")
It would require the users to visit a site that is collecting this tracking information, but it isn't impossible to imagine a popular site among the target audience being strong-armed by a nation-state into installing something to do this.
The tracking is practically invisible to end users.
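The tracking mechanism speculated about above works because the set of installed fonts is part of a browser fingerprint, and a font that almost nobody else has shrinks a user's anonymity set to one. The following is an added example (not code from the article, from Kaspersky, or from Panopticlick) that computes anonymity-set size and identifying bits for font-list fingerprints over a constructed population; the font names and population counts are made up for illustration.

```python
# Added example: how a single rare font turns a font-list fingerprint into a
# unique identifier. Population and font names are constructed, not measured.
import math
from collections import Counter


def anonymity_set_size(fingerprint, population):
    """Number of machines in `population` whose fingerprint equals `fingerprint`.
    A size of 1 means the fingerprint identifies exactly one machine."""
    return Counter(population)[fingerprint]


def identifying_bits(fingerprint, population):
    """Surprisal of a fingerprint in bits, the figure Panopticlick-style tools
    report: -log2(fraction of the population sharing this fingerprint)."""
    size = anonymity_set_size(fingerprint, population)
    if size == 0:
        raise ValueError("fingerprint not present in population")
    return -math.log2(size / len(population))


# Constructed population of 1000 machines: a few common font bundles, plus one
# machine that additionally carries a font nobody else has (hypothetical name).
BASE = frozenset({"Arial", "Times New Roman", "Courier New", "Verdana"})
COMMON_A = BASE | {"Calibri"}
COMMON_B = BASE | {"Calibri", "Tahoma"}
TRACKED = BASE | {"Calibri", "Palida Narrow"}  # one rare font added
POPULATION = [BASE] * 600 + [COMMON_A] * 300 + [COMMON_B] * 99 + [TRACKED]

if __name__ == "__main__":
    for label, fp in (("common", COMMON_A), ("tracked", TRACKED)):
        print(f"{label:8s} anonymity set = {anonymity_set_size(fp, POPULATION):4d}"
              f"  identifying bits = {identifying_bits(fp, POPULATION):.2f}")
```

The point the numbers make: every other fingerprint in this population is shared by hundreds of machines, while the one with the extra font is unique, so any site that can enumerate fonts (directly or by measuring rendered text widths) can recognise that machine on return visits without cookies.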
My first guess was that system font renderers are probably less hardened against exploits, and that the font is exactly that. The name sounds generic enough to look like it fits in with the rest.
Your EFF link says Chrome on iOS is 1 in ~93,000 while a Chrome incognito tab is 1 in ~89,000. Incognito is less unique and more identifiable than a regular tab. Interesting results.
"Another key feature of Gauss is the ability to infect USB thumb drives, using the same LNK vulnerability that was previously used in Stuxnet and Flame."
Do we have to repeat the same debate about this one's origin?
The viruses (this and skywiper) appear to be both targeting the Middle East... Maybe they're all just chumps and easy targets out there, but it also makes sense that they have the same people behind them.
Reading their analysis of Gauss, it appears 0xACDC is used for XOR encryption when communicating with the C&C servers. Didn't we just read about another security company and AC/DC...? http://news.ycombinator.net/item?id=4286696
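A repeating 16-bit XOR key like the 0xACDC mentioned above gives an analyst looking at a capture very little trouble. The following is an added example (not Kaspersky's analysis code and not anything taken from Gauss) showing how such a key is applied, how it is recovered from a capture when a protocol header is known, and how it is recovered with no known plaintext at all if the payload is mostly ASCII. The big-endian byte order of the key, the message framing, and the HTTP-style sample message are constructed assumptions; the page says nothing about them.

```python
# Added example: decoding and recovering a repeating 16-bit XOR key the way an
# analyst triaging C&C traffic would. Not code from Gauss or from the Kaspersky
# write-up. Assumptions: the key is applied big-endian as a repeating 2-byte
# pad; the sample message below is constructed and not real Gauss traffic.

KEY_FROM_ANALYSIS = 0xACDC  # the constant named in the comment above


def xor16(data: bytes, key: int) -> bytes:
    """XOR `data` with a repeating 2-byte key (big-endian order assumed).
    XOR is its own inverse, so the same call both encodes and decodes."""
    pad = key.to_bytes(2, "big")
    return bytes(b ^ pad[i & 1] for i, b in enumerate(data))


def recover_key_with_crib(ciphertext: bytes, crib: bytes) -> int:
    """Known-plaintext recovery: if the first two plaintext bytes are known
    (for example a fixed protocol header), key = ciphertext XOR plaintext."""
    if len(ciphertext) < 2 or len(crib) < 2:
        raise ValueError("need at least two bytes of ciphertext and crib")
    pad = bytes(c ^ p for c, p in zip(ciphertext[:2], crib[:2]))
    return int.from_bytes(pad, "big")


def _text_score(data: bytes) -> int:
    """Heuristic plaintext score: reward ASCII letters, spaces and digits,
    tolerate other printable bytes and CR/LF/TAB, punish control bytes."""
    score = 0
    for b in data:
        if 65 <= b <= 90 or 97 <= b <= 122:
            score += 2
        elif b == 32 or 48 <= b <= 57:
            score += 1
        elif 32 <= b <= 126 or b in (9, 10, 13):
            score += 0
        else:
            score -= 10
    return score


def recover_key_blind(ciphertext: bytes) -> int:
    """Ciphertext-only recovery assuming mostly-ASCII plaintext. Each key byte
    touches only every second ciphertext byte, so a 2-byte key splits into two
    independent 1-byte searches: 2 x 256 candidates instead of 65536."""
    pad = bytearray()
    for offset in (0, 1):
        column = ciphertext[offset::2]
        best = max(range(256),
                   key=lambda k: _text_score(bytes(c ^ k for c in column)))
        pad.append(best)
    return int.from_bytes(pad, "big")


# Constructed sample: a plausible-looking HTTP beacon, NOT real Gauss traffic.
SAMPLE_PLAINTEXT = (b"GET /upd?id=41 HTTP/1.1\r\n"
                    b"Host: beacon.example.invalid\r\n"
                    b"X-Data: 0000 1234 abcd efgh\r\n\r\n")
SAMPLE_CIPHERTEXT = xor16(SAMPLE_PLAINTEXT, KEY_FROM_ANALYSIS)

if __name__ == "__main__":
    print("ciphertext:", SAMPLE_CIPHERTEXT.hex())
    print("crib key  :", hex(recover_key_with_crib(SAMPLE_CIPHERTEXT, b"GET ")))
    blind = recover_key_blind(SAMPLE_CIPHERTEXT)
    print("blind key :", hex(blind))
    print("decoded   :", xor16(SAMPLE_CIPHERTEXT, blind).decode("ascii"))
```

For detection purposes the useful lesson is the column split: a repeating short XOR key leaves the byte-value distribution of the plaintext intact within each key position, which is why such traffic stands out in frequency analysis and why a fixed constant like this one ends up as a signature rather than a secret.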
What now.. a heavily cybermilitarized nationstate so broke it needs to skim its own citizens' bank accounts? Advanced Persistent Phish?
Trying to remember the last time I didn't read about some ultra-dooper-al-quaeda-cyber-virus. Seems any kid with a C compiler these days pumping out cutpasted code qualifies as a complex threat.
Coming up: 50 page white paper on the seemingly "innocuous" font (translation: obviously some previously unknown 0day secret intelligence 007 cyber warhead) and its implications for national security funding.
This virus could be used to track the flow of money in terror networks. It could also be used offensively to surprise-defund them, or to grab off-the-books cash for your own nation's agents in the field.
Applying Occam's razor we're left with a teenage drop out who has found a way to sell bank account details on the black market, to fund his new car.
But of course not, obviously it's Al Qaeda. How else will the security industry succeed in strangling more cash and evil, preferential, freedom-damaging policies from central government?
You missed something. forgotusername strongly seems to be suggesting that security experts are falsely claiming this is from Al Qaeda so they can get money from the US government to fight the terrorists. That's what daeken was responding to.
Sarcasm failure? The comment's intention was to suggest that it is directly and unequivocally in the interests of AV and infosec companies to dress up these daft events to make them sound as evil as possible, as the resulting fear drives their bottom line.
I'll walk you through it step by step.
> What now.. a heavily cybermilitarized nationstate so broke it needs to skim its own citizens' bank accounts?
This alludes to the fact the evil hacker espionage ultra-worm targets banking web sites, which is exactly the kind of worm we've had for hundreds of years now, only it's not written by governments, it's written by the kind of people who can sell those details on the black market. My attempt at making seemingly obvious humour in the form of "nationstate so broke it needs to skim its own citizens' bank accounts?" was clearly a failure.
> Advanced Persistent Phish?
Here I allude to a vague concept ("Advanced! Persistent! Threat!") pushed over the past 5 years or so by the AV/infosec community: one of this ill-defined superpower, for which evidence rarely exists, ready to pounce at any moment, spending trillions of Afghani rupees over years on the ability to read your private mail, and therefore obviously in return you should spend a great deal of money on your security (because you never know.. the boogey-man might already have root!).
> Trying to remember the last time I didn't read about some ultra-dooper-al-quaeda-cyber-virus. Seems any kid with a C compiler these days pumping out cutpasted code qualifies as a complex threat.
Well that's just it. This is a virus I could write, and I'm not even a vx guy. As someone else pointed out, the 0day it uses is distributed with Metasploit! This isn't exactly screaming "APT", "nationstate", or 007, is it? More it's screaming a pasty faced 15 year old armed with nothing but wget and the URL "www.phrack.com/my-first-virus-tutorial-1985-edition.txt".
> Coming up: 50 page white paper on the seemingly "innocuous" font (translation: obviously some previously unknown 0day secret intelligence 007 cyber warhead) and its implications for national security funding.
If you've been following along, this clearly references the copious scaremongering white papers produced by AV vendors around the time of Stuxnet.
More nonsense from the article:
> Another key feature of Gauss is the ability to infect USB thumb drives
The first computer viruses spread by floppy disk. I have no clue why this is 'key' to Gauss. I'll walk you through the BS in the article step by step if you really feel it's necessary.
tl;dr I am extremely cynical of the AV community scaremongering, because given time it will result in laws that'll get in the way of the freedom to use my or my children's computers. It's obviously already taken root in some of the minds around here, as y'all grasp to cope with this seemingly deadly evil threat, and my making light of it.