New US-Israeli computer virus targets Lebanese banks

A Russian computer security firm has discovered a new “state-sponsored computer virus,” co-developed by Tel Aviv and Washington, which targets the computers of specific major banks in Lebanon.

According to a Thursday New York Times article, the Kapersky Lab said the virus appeared to have been written by the same programmers who created Flame, a data-mining computer virus, and it might be linked to the Stuxnet virus, the virus that was intended to disrupt Iran’s nuclear energy program in 2010.

The same paper confirmed in a June article that Stuxnet was jointly developed by the United States and Israeli government.

Iranian authorities have always maintained that the Stuxnet virus was detected in time by Iranian IT and nuclear experts and had no effect on the country’s nuclear energy program.

The latest virus, nicknamed Gauss, has reportedly been detected in hundreds of computers in Lebanon with an apparent aim of acquiring “logins for e-mail and instant messaging accounts, social networks and, notably, accounts at certain banks.”

The report further revealed that targeted banks included several major Lebanese banks such as the Bank of Beirut, BLOM Bank, Byblos Bank and Credit Libanais, as well as Citibank.

“We have never seen any malware target such a specific range of banks,” said Costin Raiu, Kaspersky’s director of global research and analysis.

“There is absolutely no doubt that Gauss and Flame were printed by the same factories,” added Raiu.

“An early version of Stuxnet used a module from Flame, which shows they are connected. Stuxnet was created by a nation-state – it simply could not have been designed without nation-state support – which means Flame and Gauss were created with nation-state support as well.”

The report further quotes Kaspersky researchers as saying that the Gauss virus contained a “warhead” that “seeks a very specific computer system with no Internet connection and installs itself only if it finds one.”