Information Please: Kaspersky Lab needs help decrypting Gauss warhead

As reported previously by Kaspersky, Gauss is a new cyber surveillance malware related to Flame that has been stealing banking credentials in the Middle East.

Kaspersky is now admitting that it is unable to figure out the encryption of the Godel module, which the company believes is designed to take down a supervisory control and data acquisition (SCADA) system or other high-profile targets.

“Despite our best efforts, we were unable to break the encryption. So today we are presenting all the available information about the payload in the hope that someone can find a solution and unlock its secrets. We are asking anyone interested in cryptology and mathematics to join us in solving the mystery and extracting the hidden payload”, Kaspersky Lab’s Global Research and Analysis Team wrote in a blog.

The team said that the resource section, which contains the encrypted payload, “is big enough to contain a Stuxnet-like SCADA targeted attack code and all the precautions used by the authors indicate that the target is indeed high profile.”

The team added that it is providing the first 32 bytes of encrypted data and hashes from known variants of the modules. “If you are a world class cryptographer or if you can help us with decrypting them, please contact us by e-mail: theflame@kaspersky.com”, the blog concluded.
 
