Researchers have renewed their call for help in cracking an "encrypted warhead" they believe was unleashed by a powerful nation-state and may be poised to search and destroy a high-profile target.

The mysterious payload is contained in "Gauss," the malware with ties to Stuxnet and Flame that Kaspersky Lab researchers recently found targeting computers in Lebanon and other Middle Eastern countries. The researchers have already tried millions of possible keys to unlock the code, so they are now refocusing their efforts on defeating the cryptography used to conceal the underlying code. They believe the secret code may be designed to disrupt SCADA (supervisory control and data acquisition) systems used to control equipment used by dams, gasoline refineries, and other types of critical infrastructure.

"Of course, it is obvious that it is not feasible to break the encryption with a simple brute-force attack," the researchers wrote in a blog post published Tuesday morning. "We are asking anyone interested in breaking the code and figuring out the mysterious payload to join us."

"The resource section is big enough to contain a Stuxnet-like SCADA targeted attack code and all the precautions used by the authors indicate that the target is indeed high-profile," they added, referring to encrypted payload.

The encrypted file is contained in a Gauss module that attaches itself to USB drives. When plugged in, the malware collects a variety of system information and uses a cryptographic hash of that data as a decryption key. They key is the result of the system data being passed through the MD5 algorithm, with its hash in turn being passed through the same algorithm 10,000 more times, making it infeasible for researchers to deduce the initial value needed to unlock the malicious code. The payload is looking for a program name written in an extended character set, such as Arabic or Hebrew, or one that starts with a special symbol such as “~”.

Researchers believe the mechanism allows Gauss to remain dormant except on a specific system that was targeted in advance. Stuxnet, which was used to disrupt Iran's nuclear program, contained a similar mechanism that targeted computer systems at the Natanz Uranium enrichment facility, although Stuxnet didn't use encryption to conceal its contents.

Kaspersky researchers have released the first 32 bytes of encrypted data and hashes from four Gauss variants in the hopes that a "world-class cryptographer" will be able to decrypt them. Submissions can be sent to theflame@kaspersky.com.