Researchers Seek Help Cracking Gauss Mystery Payload
By: Kim Zetter, WIRED
Researchers at Kaspersky Lab in Russia are asking the public for help in cracking an encrypted warhead that gets delivered to infected machines by the Gauss malware toolkit.
The malware decrypts the warhead using a key composed of configuration data from the system it’s targeting. But without knowing which systems it targets or how those systems are configured, the researchers have been unable to reproduce the key to crack the encryption.
“We are asking anyone interested in cryptology, numerology and mathematics to join us in solving the mystery and extracting the hidden payload,” the researchers write in a blog post published Tuesday.
The payload is delivered to machines via an infected USB stick that uses the .lnk exploit to carry out the malicious activity. In addition to the encrypted payload, infected USB sticks deliver two other files that also contain encrypted sections that Kaspersky has been unable to crack.