Remember Sauron of Lord of the Rings?
Kaspersky only discovered its existence when it was asked by an unnamed government organization to investigate something weird going on with its network traffic.
The malware can move across a network -- across even air gapped computers that are supposed to be more secure than typical setups -- to siphon passwords, cryptographic keys, IP addresses, configuration files, among other data off computers.
It then stores all that information in a USB drive that Windows recognizes as an approved device.
Both security companies (Kaspersky and Symantec) believe its development required the involvement of specialist teams and that it costs millions of dollars to operate.
They didn't name a government in particular, but they noted that the malware took cues from older tools used for state-sponsored attacks, including Flamer that's been linked to Stuxnet in the past. As you might know, the Stuxnet worm, widely believed to be the joint creation of the US and Israel, infected Iran's nuclear program computers in the mid-2000s.
It has been said that Project Sauron has been active since at least 2011, but it was only unearthed recently because it was designed not to use patterns security experts usually look for when hunting for malware. Symantec believes it has been used for what could be state-sponsored attacks to infiltrate 36 computers across at least seven organizations around the world. Its targets include several individuals in Russia, a Chinese airline, an unnamed organization in Sweden and an embassy in Belgium.
Kaspersky says you can add various scientific research centers, military installations, telecommunications companies and financial institutions to that list.
(Source)
==update==
additional SOURCE REFERENCES for material in the OP
Via: Ars Technica
Source: Symantec, Reuters, Kaspersky
Keywords In this article: duqu, flamer, gear, malware, ProjectSauron, security, strider, stuxnet
Writer: for EnGadget article - Mariella Moon
(see below: https://projectavalon.net/forum4/show...=1#post1088494)
===========
Thread SUMMARY:
As seen in the thread, the questions asked between the posts are: how did it get there, who created it, and could it have come from signing into TOR (were the machines in the affected countries also used to access TOR)? There is a post about NSA's intensive SPYING on TOR and how "man in the middle" intercepts can infiltrate targeted machines without anyone 'out there' being aware that such happened.