Mystery font baffles computer security experts

3News NZ

'Palida Narrow' appears on computers infected with 'Gauss'

By Dan Satherley

Computer security experts trying to crack a nasty virus called 'Gauss' have made an odd discovery – it installs a font on every computer it infects.

It's called 'Palida Narrow', and just why the virus installs it, nobody knows.

"We don’t currently understand exactly why the attackers have installed this font," antivirus software creator Kaspersky announced on their website.

"The installation of the Palida font is unique, it's a first," information operation expert Joel Harding told PC World.

"This is a font that did not previously exist, it was customised for this tool. We have never seen a font installed by malware before."

Some experts have guessed it could be a way for the virus to track what computers it has installed itself on.

"Any time any type of purposeful malware is installed on a system, the attacker has to have a mechanism that allows him to ensure that the malware was installed, and that it was installed with the appropriate level of access to the system," says senior security analyst Chris Sanders.

But so far, Palida Narrow has been found on only a third of computers known to be infected with Gauss.

Others say it could just be a mistake on the virus author's part.

"I often joke that programmers, especially good ones, are likely to look for short cuts and time savers," says virus expert Roger Thompson.

"What this means is that when they write a program, they rarely start from scratch, but instead think to themselves, 'OK, I know I wrote some code like that once before,' and they copy and paste the old code into the new code.

"I think that time will show that Palida Narrow was simply accidentally left over from a previous project."

The unique use of a font was compared to the September 11 attacks.

"Before 9/11, few in the world considered a commercial airplane as a possible weapon," Harding told PC World. "Now we will start considering a font, and hopefully other items possibly detected by network management tools, as possible indicators of an infection."

It's believed around 2,500 computers have been infected with Gauss so far. When installed, it steals passwords and tries to hack into banks in Lebanon.

3 News

 


Comments

19/09/2012 11:56:39 p.m.

Bits and Bytes wrote:

There will be a program (virus) in all those bits somewhere.