Gauss malware font choice

I’m not entirely convinced by the discussion about leftover file names in the Gauss malware code containing the name “white” and some supposed etymological association with Lebanon.
However, if there’s anything to it, perhaps it’s worth pointing out that the mysterious font that’s uploaded by the malware is called Pallida Narrow and ‘pallida’ is the Latin, or better Spanish, word meaning ‘pale’. So maybe the authors like puns; and maybe looking for loaded fonts is a quick and easy way to distinguish infections by variants (as long as nobody notices it).
P.S. As I suspected, it’s possible to configure a web site to require the use of a particular font. If the browser doesn’t have access to it, it can ask for it to be downloaded. So this is a way to remotely track which computers have been infected, since they won’t need to ask for the font. So now the search is on for a popular enough web site whose CSS requires this font (about whose spelling there seems to be considerable disagreement).
P.P.S. It’s also interesting that, in software where the modules are named after mathematicians, there’s one called “Tailor”. I can only assume that this is meant to be a reference to Brook Taylor, the mathematician who gave us the Taylor Series etc. It’s an unlikely spelling mistake — I checked the web and there are only a handful of pages that make this spelling error in English. But perhaps it’s a more plausible error for someone used to writing a language that omits the vowels.
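
The font-request signal described in the P.S., seen from the side of whoever holds the web server logs (an added example, not part of the original post). It assumes a stylesheet whose `@font-face` rule lists the local font first and a download URL second; the paths `/site.css` and `/fonts/probe.woff` and all log lines are constructed for illustration. A missing font request is only a hint, since caches, font-blocking browsers and legitimately installed copies produce the same pattern.

```python
import re
from collections import defaultdict

# Constructed sample access log; paths and addresses are hypothetical.
SAMPLE_LOG = """\
198.51.100.7 - - [10/Aug/2012:10:00:01 +0000] "GET /site.css HTTP/1.1" 200 512
198.51.100.7 - - [10/Aug/2012:10:00:02 +0000] "GET /fonts/probe.woff HTTP/1.1" 200 20480
203.0.113.9 - - [10/Aug/2012:10:01:10 +0000] "GET /site.css HTTP/1.1" 200 512
203.0.113.9 - - [10/Aug/2012:10:01:11 +0000] "GET /logo.png HTTP/1.1" 200 900
192.0.2.44 - - [10/Aug/2012:10:02:00 +0000] "GET /site.css HTTP/1.1" 304 0
192.0.2.44 - - [10/Aug/2012:10:02:01 +0000] "GET /logo.png HTTP/1.1" 200 900
192.0.2.80 - - [10/Aug/2012:10:03:00 +0000] "GET /fonts/probe.woff HTTP/1.1" 200 20480
malformed line
"""

LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "GET (\S+) [^"]*" (\d{3}) ')

def classify_clients(log_text, css_path="/site.css", font_path="/fonts/probe.woff"):
    """Label each client by whether it had to download the font the CSS asks for."""
    seen = defaultdict(lambda: {"css_fresh": False, "css_other": False, "font": False})
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # skip lines that are not well-formed GET entries
        client, status = m.group(1), m.group(3)
        path = m.group(2).split("?", 1)[0]  # ignore any query string
        if path == css_path:
            # Only a full 200 response shows the client had no cached copy.
            seen[client]["css_fresh" if status == "200" else "css_other"] = True
        elif path == font_path:
            seen[client]["font"] = True

    result = {}
    for client, s in seen.items():
        if s["font"]:
            result[client] = "font_absent"            # browser had to fetch it
        elif s["css_fresh"] and not s["css_other"]:
            result[client] = "font_likely_installed"  # fresh CSS, no font fetch
        else:
            result[client] = "inconclusive"           # cached or failed CSS load
    return result

if __name__ == "__main__":
    for client, label in sorted(classify_clients(SAMPLE_LOG).items()):
        print(client, label)
```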

