Kaspersky Lab is asking for help in unraveling the mysterious payload of Gauss, a task that security experts say would help enterprises determine whether they are potential targets of the highly sophisticated cyber-surveillance virus.
On Tuesday, Kaspersky asked for assistance from cryptographers and mathematicians who could help the security vendor decrypt Gauss' warhead, a module named "Godel." Breaking the payload's code would make it possible to determine what the malware does within an infected system.
"Despite our best efforts, we were unable to break the encryption. So today we are presenting all the available information about the payload in the hope that someone can find a solution and unlock its secrets," Kaspersky said on its blog. "We are asking anyone interested in cryptology and mathematics to join us in solving the mystery and extracting the hidden payload."
The code to decrypt Gauss is more complex than any Kaspersky usually finds in malware. The company said it had tried millions of combinations in its search for the decryption keys, without success. "If you are a world-class cryptographer or if you can help us with decrypting them, please contact us by email," the company said.
Gauss and its relatives are at the far end of a trend toward more sophisticated malware. For years, security experts have seen malware grow more complex and gain capabilities surpassing expectations.
"In the long term, what you're going to observe is that more malware will become significantly more complex," Huston said. "It's going to be able to reach across different applications and different computing platforms and have a significantly larger impact than we have today."
Kaspersky discovered Gauss this month in the Middle East. Security experts believe the malware is a descendant of Stuxnet, Flame, and Duqu.
The three pieces of spying malware are aimed at specific government and industrial targets. Flame was discovered in May in Iran's oil-ministry computers. Like Flame, Duqu, discovered in October 2011, is related to Stuxnet, which is believed to have damaged control systems within Iranian nuclear facilities in 2010. Duqu used similar code, but was built to steal information.
The New York Times reported in June that Stuxnet was part of a U.S. and Israeli intelligence operation.