From the article: "... the installation of a special font called Palida Narrow, and the purpose of this action is still unknown."<p>Would this perhaps be a tracking ability, as described at <a href="https://panopticlick.eff.org" rel="nofollow">https://panopticlick.eff.org</a> (specifically, the list of "System Fonts")?<p>It would require the users to visit a site that is collecting this tracking information, but it isn't impossible to imagine a popular site among the target audience being strong-armed by a nation-state into installing something to do this.<p>The tracking is practically invisible to end users.
"Another key feature of Gauss is the ability to infect USB thumb drives, using the same LNK vulnerability that was previously used in Stuxnet and Flame."<p>Do we have to repeat the same debate about this one's origin?
Reading their analysis of Gauss, it appears 0xACDC is used for XOR encryption when communicating with the C&C servers. Didn't we just read about another security company and AC/DC...? <a href="http://news.ycombinator.net/item?id=4286696" rel="nofollow">http://news.ycombinator.net/item?id=4286696</a>
Probably just a continuation of the same virus that's been going around for years at this point: <a href="http://www.crysys.hu/skywiper/skywiper.pdf" rel="nofollow">http://www.crysys.hu/skywiper/skywiper.pdf</a><p>Kaspersky tends to exaggerate how novel these viruses are.
This was a better read for me: <a href="https://www.securelist.com/en/blog?weblogid=208193767" rel="nofollow">https://www.securelist.com/en/blog?weblogid=208193767</a>. Saw it on Slashdot.
What now... a heavily cybermilitarized nation-state so broke it needs to skim its own citizens' bank accounts? Advanced Persistent Phish?<p>Trying to remember the last time I <i>didn't</i> read about some ultra-dooper-al-quaeda-cyber-virus. Seems any kid with a C compiler these days pumping out cutpasted code qualifies as a complex threat.<p>Coming up: 50 page white paper on the seemingly "innocuous" font (translation: obviously some previously unknown 0day secret intelligence 007 cyber warhead) and its implications for national security funding.