The mysterious Palida Narrow font of the Gauss malware
Kaspersky has warned of the existence of the Gauss malware, from the same family as Flame and Stuxnet, which is used for espionage between countries. Its peculiarity is that it monitors bank accounts and could give the virus's controllers access to the accounts of specific targets. It also carries an encrypted code package that nobody has yet been able to read and, interestingly, it installs a font called Palida Narrow on infected computers.
What does a piece of malware gain by installing a font? Kaspersky has no idea what the purpose is. There has been some speculation that it might have something to do with the encrypted code, which is potentially destructive, considering that rearranging the letters of the font's name gives the words “Paladin Arrow”.
The Hungarian research laboratory CrySyS gave another possible explanation: the font serves to detect infected computers. Palida Narrow would function as an identifier. For example, certain websites could serve a CSS style sheet, which tells the browser how to display the text. This style sheet may contain references to specific fonts, whose definition can point to a URL from which to download the font if it is not installed on your PC.
Under this explanation, the website would tell the browser to use Palida Narrow to display text and, if you do not have that font, point it to the site to download it from.
Knowing how this works, CrySyS created a tool that detects whether Palida Narrow is installed on your computer, and therefore whether Gauss has infected your system.
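The check described above can be read from the server side: a browser that already has the font never requests the fallback URL. The following is an added example, not CrySyS's tool; the page path, font path, `GaussProbe` family name and log lines are constructed, and it assumes one client per IP address.

```python
import re
from collections import defaultdict

# Style sheet a check page could serve (constructed; paths are hypothetical).
# local() is tried first, so the url() fallback is fetched only when the
# font is NOT installed on the visiting machine.
CHECK_CSS = """
@font-face {
  font-family: 'GaussProbe';
  src: local('Palida Narrow'), url('/fonts/fallback.ttf');
}
body { font-family: 'GaussProbe'; }
"""

PAGE, FALLBACK = "/check.html", "/fonts/fallback.ttf"

# Constructed access-log lines (documentation IP ranges).
SAMPLE_LOG = """\
192.0.2.10 - - [10/Aug/2012:10:00:01 +0000] "GET /check.html HTTP/1.1" 200 512
192.0.2.10 - - [10/Aug/2012:10:00:02 +0000] "GET /fonts/fallback.ttf HTTP/1.1" 200 20480
198.51.100.7 - - [10/Aug/2012:10:05:00 +0000] "GET /check.html HTTP/1.1" 200 512
203.0.113.5 - - [10/Aug/2012:10:07:00 +0000] "GET /fonts/fallback.ttf HTTP/1.1" 200 20480
203.0.113.9 - - [10/Aug/2012:10:08:00 +0000] "GET /check.html HTTP/1.1" 200 512
203.0.113.9 - - [10/Aug/2012:10:08:01 +0000] "GET /fonts/fallback.ttf?v=1 HTTP/1.1" 304 0
"""

LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "GET (\S+) [^"]*" (\d{3}) ')

def clients_with_font(log_text):
    """Return sorted client IPs that loaded PAGE but never requested FALLBACK."""
    seen = defaultdict(set)
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # skip malformed or non-GET lines
        ip, path, status = m.groups()
        path = path.split("?", 1)[0]  # ignore cache-busting query strings
        if path in (PAGE, FALLBACK) and status in ("200", "304"):
            seen[ip].add(path)
    return sorted(ip for ip, paths in seen.items()
                  if PAGE in paths and FALLBACK not in paths)

if __name__ == "__main__":
    for ip in clients_with_font(SAMPLE_LOG):
        print(f"{ip}: font fallback not fetched, check host for Palida Narrow")
```

A missing fallback request is only a hint: browsers that block web fonts or serve the file from cache produce the same pattern, so confirm on the host by looking for the installed font.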
If you’re not a target sought by international intelligence agencies, it is unlikely that the malware has infected you. So far, 2,500 affected machines have been found: 1,600 in Lebanon, 482 in Israel, 261 in Palestine and 43 in the U.S.
– On the Palida Narrow mystery of Gauss malware, and possible remote detection (CrySyS – thanks Abraham!)
– Gauss: Researchers release detection tool (Washington Post)
– Gauss malware Palida font detection page (CrySyS)
– Gauss, the cousin of Stuxnet and Flame that watches bank accounts (technewspedia)