Skip to Content

A Cyber "Warhead" With an Unknown Target

The Gauss malware uncovered last week features a mystery payload.
August 14, 2012

The Gauss malware described last week that targets Lebanese bank accounts still has one secret to divulge - the purpose of its “encrypted warhead” known as Godel. That’s the term used by researchers at Kaspersky, the computer security firm that described Gauss last week, for a part of the malware programmed to decrypt only when it lands on exactly the right computer system. What Godel does under those conditions is unknown, and today, Kaspersky laid out what it knows about Godel and asked for help determining its purpose.

Mystery weapon: some of the inner workings of the Gauss malware. Credit: Kaspersky

[T]oday we are presenting all the available information about the payload in the hope that someone can find a solution and unlock its secrets. We are asking anyone interested in cryptology and mathematics to join us in solving the mystery and extracting the hidden payload.

Kaspersky says Gauss is related to government-sponsored cyberweapons Stuxnet and Flame, and the company’s researchers and some other experts believe Gauss was also created by a nation state. Godel can only be decrypted with a key built using information drawn from the computer it has infected, specifically information about programs installed on the system. Until someone figures out exactly what Godel’s looking for, it’s impossible to know what it will do when activated. Kaspersky’s researchers are considering the possibility that it is intended to attack SCADA - industrial control - systems, like those in use by the Iranian nuclear program disrupted by Stuxnet:

The resource section is big enough to contain a Stuxnet-like SCADA targeted attack code and all the precautions used by the authors indicate that the target is indeed high profile.

Keep Reading

Most Popular

The inside story of how ChatGPT was built from the people who made it

Exclusive conversations that take us behind the scenes of a cultural phenomenon.

How Rust went from a side project to the world’s most-loved programming language

For decades, coders wrote critical systems in C and C++. Now they turn to Rust.

Design thinking was supposed to fix the world. Where did it go wrong?

An approach that promised to democratize design may have done the opposite.

Sam Altman invested $180 million into a company trying to delay death

Can anti-aging breakthroughs add 10 healthy years to the human life span? The CEO of OpenAI is paying to find out.

Stay connected

Illustration by Rose Wong

Get the latest updates from
MIT Technology Review

Discover special offers, top stories, upcoming events, and more.

Thank you for submitting your email!

Explore more newsletters

It looks like something went wrong.

We’re having trouble saving your preferences. Try refreshing this page and updating them one more time. If you continue to get this message, reach out to us at customer-service@technologyreview.com with a list of newsletters you’d like to receive.