The Mystery of Gauss: Kaspersky Needs Help Decrypting Gauss Malware
Researchers at Kaspersky Lab are asking the public for help in cracking the encryption of the recently discovered Gauss malware.
“Perhaps the most interesting mystery is Gauss’ encrypted warhead. Gauss contains a module named ‘Godel’ that features an encrypted payload. The malware tries to decrypt this payload using several strings from the system and, upon success, executes it. Despite our best efforts, we were unable to break the encryption,” the Securelist blog post reads.
“So today we are presenting all the available information about the payload in the hope that someone can find a solution and unlock its secrets. We are asking anyone interested in cryptology and mathematics to join us in solving the mystery and extracting the hidden payload.”
The payload is delivered to machines via an infected USB stick that uses the .lnk exploit to carry out its malicious activity. In addition to the encrypted payload, infected USB sticks deliver two other files, which also contain encrypted sections that Kaspersky has been unable to crack.