Mystery font baffles computer security experts
Wed, 15 Aug 2012 4:50p.m.
By Dan Satherley
Computer security experts trying to crack a nasty virus called 'Gauss' have made an odd discovery – it installs a font on every computer it infects.
It's called 'Palida Narrow', and just why the virus installs it, nobody knows.
"We don’t currently understand exactly why the attackers have installed this font," antivirus software creator Kaspersky announced on their website.
"The installation of the Palida font is unique, it's a first," information operation expert Joel Harding told PC World.
"This is a font that did not previously exist, it was customised for this tool. We have never seen a font installed by malware before."
Some experts have guessed it could be a way for the virus to track what computers it has installed itself on.
"Any time any type of purposeful malware is installed on a system, the attacker has to have a mechanism that allows him to ensure that the malware was installed, and that it was installed with the appropriate level of access to the system," says senior security analyst Chris Sanders.
But so far, Palida Narrow has been found on only a third of computers known to be infected with Gauss.
Others say it could just be a mistake on the virus author's part.
"I often joke that programmers, especially good ones, are likely to look for short cuts and time savers," says virus expert Roger Thompson.
"What this means is that when they write a program, they rarely start from scratch, but instead think to themselves, 'OK, I know I wrote some code like that once before,' and they copy and paste the old code into the new code.
"I think that time will show that Palida Narrow was simply accidentally left over from a previous project."
The unique use of a font was compared to the September 11 attacks.
"Before 9/11, few in the world considered a commercial airplane as a possible weapon," Harding told PC World. "Now we will start considering a font, and hopefully other items possibly detected by network management tools, as possible indicators of an infection."
It's believed around 2,500 computers have been infected with Gauss so far. When installed, it steals passwords and tries to hack into banks in Lebanon.
Post a Comment
Before commenting, please take the time to read our moderation guide
(Won't be published)
19/09/2012 11:56:39 p.m.
Bits and Bytes wrote:
There will be a program (virus) in all those bits some where.
A tweet posted by the wife of Britain's parliamentary speaker about a politician wrongly linked to child sex abuse was libellous.
A high speed test has been launched in Moana, in the Lake Brunner District on the West Coast.
The Whakatane Beacon has joined the Ashburton Guardian and the NBR in charging people who want to read its website.
Jill Valentine and Chris Redfield return in survival horror Resident Evil: Revelations, out now for home consoles.
Live-action trailer for Destiny directed by Jon Favreau and starring Giancarlo Esposito.
Copyright © 2013 MediaWorks TV. All Rights Reserved.