Security experts have garnered enough information from Gauss to create signatures for antivirus software and IPS (intrusion protection systems). Therefore, the defense mechanisms are the same as with any other known malware. "Enterprises must have up-to-date antivirus at the endpoint, some type of [antivirus] at the gateway, either network or email, or, if possible, both," said Charles Kolodgy, an analyst for IDC. In addition, he recommended the use of an IPS to identify abnormal traffic within the network.
The value of understanding Gauss' payload is in learning the components targeted after the malware plants itself in a system. "Until we can decrypt or observe that payload in execution, we really don't know what happens after the initial stage of infection," said Brent Huston, chief executive of MicroSolved, a provider of security assessments and penetration testing.
Once that information is made available to chief security officers, they can determine whether their company is a potential target, Huston said. "It keeps you from spending a bunch of resources, if you don't have to."