Online Detection of Gauss

After the publication of Kaspersky Lab’s whitepaper about the Gauss cyber attack, Kaspersky Lab have been asked if there is an easy way for users to check their system for infection.

August 13, 2012

After the publication of Kaspersky Lab’s whitepaper about the Gauss cyber attack, Kaspersky Lab have been asked if there is an easy way for users to check their system for infection. Of course the most reliable way would be to download and install Kaspersky Lab’s antivirus solution, however if someone would like to double-check or is unable to download the full antivirus package, Kaspersky Lab offer a quick and easy way to check for the presence of the Gauss component.

The idea of checking the system using a webpage comes from a Hungarian research lab, known as Crysys. They have also introduced a web-based method to check your system for Palida Narrow. The test webpage is currently available at: http://gauss.crysys.hu.

Kaspersky Lab have used this same idea whilst trying to improve the detection method. It is now done without server interaction.

Below is the current blogpost where you may find an iframe window which has javascript code to verify if you have the mysterious font Palida Narrow installed. This font was used during Gauss cyber attack. Currently it’s not clear why the attackers installed that font, however it may indicate the presence of Gauss activity on the system. More details about module installing this font are available in Kaspersky Lab’s full article which can be found at:

https://www.securelist.com/en/analysis/204792238/Gauss_Abnormal_Distribution#12.

If you see an alerting message, Kaspersky Lab would like to encourage you to install an antivirus solution and check your system immediately. Alternatively, please mail [email protected] for assistance.