Can you solve the mystery of the encrypted Gauss payload?

August 15, 2012

Encrypted code in Gauss (credit: Kaspersky)

There are many remaining mysteries in the Gauss and Flame stories, say antivirus experts at Kaspersky on their Secure List blog.

For instance, how do people get infected with the malware? Or, what is the purpose of the uniquely named “Palida Narrow” font that Gauss installs?

Perhaps the most interesting mystery is Gauss’ encrypted warhead. Gauss contains a module named “Godel” that features an encrypted payload. The malware tries to decrypt this payload using several strings from the system and, upon success, executes it.

Godel is best known for his incompleteness theorems.

Despite Kaspersky’s best efforts, they were unable to break the encryption. So they are presenting all the available information about the payload in the hope that someone can find a solution and unlock its secrets. They are asking anyone interested in cryptology and mathematics to join them in solving the mystery and extracting the hidden payload.

Secure List has more info.

If you are a world class cryptographer or you can help decrypt them, contact theflame@kaspersky.com.

Curiously, “Godel” is the answer to a mystery also related to a runaway attack in the movie The Singularity Is Near. — Ed.