Gauss Trojan malware found in UAE after spreading through the region, say experts.
Newly found computer virus in UAE steals bank passwords
DUBAI // A new computer virus steals bank passwords and personal information when users plug in a USB memory stick.
The Gauss trojan malware is believed to be a derivative of the flame virus that originated in Iran.
Computer security company Kaspersky Labs said it had been found on 11 computers in the UAE in recent weeks and was a nation-state sponsored cyber-espionage toolkit for stealing sensitive data.
“This is a trojan virus that is not spread like many other viruses by opening email attachments or going onto infected websites,” said Vitaly Kamluk, the company’s chief malware expert.
“Instead, it is transferred via USB, steals banking passwords and other personal data, including internet cookies, and then transmits that to another source via the internet.”
The transfer is over in seconds and the big worry for experts is that it happens almost the instant the USB stick is plugged in.
“It doesn’t matter if the auto-start function is disabled as the virus infects the computer without the need for the user to open a file or click on anything,” he said.
So far the worst-hit countries have been Lebanon, Israel and the Palestinian territories, which have thousands of infected machines. Since the virus was first detected in May, it has spread to the UAE, Saudi Arabia and Qatar.
“It seems to be particularly targeting Lebanese banks, PayPal and Citibank, and people with those accounts should be extra careful,” said Mr Kamluk.
“Part of the virus is encrypted so we don’t fully know what else it can do.”
A trace of the data sent by the virus found it went to five different servers but the source is unknown.
The virus affects only Windows operating systems, although users with the latest patched version of Windows 7 will be safe.
Users are advised never to use a USB memory stick from an unknown source, open emails from senders they do not know and to keep anti-virus security updated.