Nations And Corporations Threatened By Regin Espionage Malware

Nov 24, 2014

There’s a new piece of dangerous espionage malware threatening the security of nations around the world, along the lines of Stuxnet.

It’s called Regin, and security firm Symantec says it displays a worrying level of technical competence in its construction.

The malware, a backdoor Trojan, has reportedly been used in spying campaigns against targets around the world since 2008. Every stage except the first is hidden and encrypted, and it is highly customisable: operators can load it with a wide range of capabilities to tailor a particular attack, and its authors have gone to “great lengths to cover its tracks”.

Regin uses a five-stage modular infection routine, in which each stage decrypts and loads the next; this multi-stage loading system is similar to that seen in Stuxnet.

The malware can carry a range of payloads. The standard load-out includes a number of Remote Access Trojan (RAT) features such as password stealing, screen capture and network traffic monitoring, and, as mentioned, it is highly customisable beyond this base.

The infection vector also remains partly a mystery, with “no reproducible vector” found, though Symantec says some infections may have occurred via fake versions of well-known websites that users were tricked into visiting, an old chestnut. As ever, don’t blindly click links; check any linked URL carefully for a subtle misspelling of a domain you trust.
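The "check the URL for a slight misspelling" advice can be automated as a look-alike domain check. The script below is an added example, not code from the article or from Symantec: it extracts the registrable host from each link, drops anything before an `@` so embedded credentials cannot disguise the real host, and flags hosts that sit within a small Levenshtein edit distance of a trusted domain. The `TRUSTED_DOMAINS` allow-list, the `MAX_DISTANCE` threshold, the two-label shortcut in `registrable_domain`, and the sample links are all constructed for the example.

```python
"""Flag links whose host is a near-miss of a domain the user trusts.

Added example (not from the article or from Symantec). The allow-list,
threshold and sample links below are constructed for illustration.
"""
from urllib.parse import urlsplit

# Constructed allow-list of domains the user expects to visit.
TRUSTED_DOMAINS = {"example.com", "symantec.com", "itproportal.com"}

# A host that differs from a trusted domain by at most this many
# single-character edits (but is not that domain) is flagged as a look-alike.
MAX_DISTANCE = 2


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance: minimum single-character edits turning a into b."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, start=1):
        cur = [i]
        for j, cb in enumerate(b, start=1):
            cur.append(min(prev[j] + 1,                 # deletion
                           cur[j - 1] + 1,              # insertion
                           prev[j - 1] + (ca != cb)))   # substitution
        prev = cur
    return prev[-1]


def registrable_domain(url: str) -> str:
    """Return the last two labels of the URL's host, e.g. 'example.com'.

    Two labels are enough for the constructed allow-list above; a real
    deployment should consult the Public Suffix List instead (assumption).
    urlsplit().hostname already discards userinfo and the port, so
    'https://example.com@evil.test/' resolves to 'evil.test', not example.com.
    """
    host = (urlsplit(url).hostname or "").lower().rstrip(".")
    labels = host.split(".")
    return ".".join(labels[-2:]) if len(labels) >= 2 else host


def classify_link(url: str) -> tuple[str, str]:
    """Return (verdict, domain); verdict is 'trusted', 'lookalike' or 'unknown'."""
    domain = registrable_domain(url)
    if domain in TRUSTED_DOMAINS:
        return "trusted", domain
    for good in sorted(TRUSTED_DOMAINS):
        if 0 < edit_distance(domain, good) <= MAX_DISTANCE:
            return "lookalike", domain   # a character or two off a trusted name
    return "unknown", domain


# Constructed sample links for the demonstration.
SAMPLE_LINKS = [
    "https://www.example.com/login",
    "http://www.examp1e.com/login",              # digit one in place of the letter l
    "https://symantec.com@symamtec.com/report",  # userinfo hides the real host
    "https://itproportal.co/news",               # dropped final character
    "https://completely-different.org/",
]

if __name__ == "__main__":
    for link in SAMPLE_LINKS:
        verdict, domain = classify_link(link)
        print(f"{verdict:9} {domain:26} {link}")
```

Treat "unknown" as "not vouched for", not as safe: the check only catches hosts that are a few edits from a known name, so an unrelated attacker-controlled domain, or an internationalised domain name whose punycode form is far from the trusted spelling, passes straight through.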

Interestingly, while Regin had been doing its spying work since 2008, it was withdrawn from action in 2011, and a new version of the malware appeared last year. As well as governments, enterprises and research institutes have been targeted.

Symantec warned: “The development and operation of this malware would have required a significant investment of time and resources, indicating that a nation state is responsible. Its design makes it highly suited for persistent, long term surveillance operations against targets.”

Author: Darren Allan
Published under license from ITProPortal.com