While origin unclear, Gauss indicates malware tool boom

10.08.2012

He said he believes a larger danger is that Gauss, while very well encrypted, will still become available for purchase in the malware marketplace. Like Ghosh, he believes that highly sophisticated malware like this is going to become commercialized. "These days, anyone can buy a kit for a few thousand dollars," he said.

Gauss may have hidden capabilities not yet discovered, said Roel Schouwenberg, a senior malware researcher at Kaspersky.

He told Dennis Fisher that its infrastructure is currently dormant, since the command-and-control system went offline last month, before it could be investigated. And Kaspersky said it might not be able to decrypt Gauss's code for months.

Joel Harding, a retired intelligence officer and information operation expert, said he knows some experts believe that Gauss was written by a sophisticated hacker group outside the U.S.

"But I couldn't get past the complexity and the organizational requirements it would take to get a hacker group to do this," Harding said. "It's such a time-intensive operation, stealing bank information and then siphoning off the money. I don't see the monetary payoff. The return on investment is just wrong."