G Data Offering Regin Malware Detection Tool

The latest prominent malware threat to pop up, Regin, has been causing quite a stir over the last few weeks – and you might be interested to learn that security firm G Data has produced a tool that can be used to discover whether you’ve been affected by this sophisticated Trojan.

Regin, in case you haven’t heard, is a super-stealthy and customisable piece of malware which is likely the work of a nation state engaged in serious cyber-espionage – with rumours flying about that it could be down to the US or UK. The malware is built along the lines of the likes of Stuxnet, Duqu and Flame.

G Data has been busy taking Regin apart and analysing it, and claims that it’s the first security company to have produced a script which can identify files that have been created by the malware. The tool can be used no matter what antivirus or security products you have on your machine, and is a standalone solution that can detect and flag up the virtual file systems Regin creates.

You can grab the tool, and find instructions on its usage, via this blog post (note that version 2 of Python is necessary to run the G Data script).

G Data notes that Regin has been employed in some 18 countries that it’s aware of, including Germany, Russia, Syria and India.

Describing the malware, G Data calls Regin “a full cyber espionage platform where the goal was to reach complete remote control and monitoring on all possible levels.”

The firm states: “Attribution is difficult in cases like this however considering the complexity of development, we suspect that this operation is supported by a nation-state. From the information we have, we assume that it is not originating from Russia and not from China.”