Stealthy malware 'Regin' targeted businesses, individuals and telcos

A "highly-complex" piece of malware with James Bond-level espionage capabilities has been spying on governments, infrastructure operators, businesses and individuals since 2008, according to security company Symantec.

Detailed in a company blog post, the backdoor-type Trojan, called "Regin", can be highly customised through the use of modules depending on its intended target and has allegedly been used as a tool for mass surveillance.

Regin has been found to infect its victims in multiple ways, from luring them to spoofed versions of well-known websites and installing itself to exploiting applications.

The malware has claimed a number of victims as part of two waves, with a first version targeting organisations between 2008 and 2011 before being withdrawn. It re-emerged in 2013 to target companies, government entities and research institutions, with almost half of all infections targeting private individuals, small businesses and telecoms companies.

Stealth mode

According to Symantec, Regin has been designed to be a low-key type of malware that can potentially be used in espionage campaigns lasting several years. The company was only able to analyse its actions after decrypting sample files, discovering that its actions are particularly difficult to decipher.

Some of Regin's particularly stealthy, anti-forensic characteristics include a custom-built encrypted virtual file system (EVFS), embedding commands in HTTP cookies, and custom TCP and UDP protocols.
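The post mentions commands carried inside HTTP cookies as one of Regin's stealth features. The script below is an added example, not code from the article or from Symantec's analysis, and it is not a Regin signature: it shows the generic heuristic a defender would write to surface that class of traffic, flagging cookie values that are both long and high-entropy (typical of base64-wrapped encrypted payloads) while leaving ordinary session identifiers alone. The Cookie headers it scans are constructed for the example, and the length and entropy thresholds are assumptions to be tuned against real traffic.

```python
"""Flag HTTP Cookie values that look like encoded command traffic.

Heuristic: a normal session token is short or low-entropy (hex, decimal),
whereas an encoded command blob tends to be long and high-entropy
(base64 of encrypted bytes). Thresholds below are assumptions for the
example, not measured values; this is a generic heuristic, not a Regin
signature.
"""
import math
from collections import Counter
from typing import Dict, List


def shannon_entropy(value: str) -> float:
    """Bits of entropy per character of `value` (0.0 for empty input)."""
    if not value:
        return 0.0
    n = len(value)
    counts = Counter(value)
    return -sum((c / n) * math.log2(c / n) for c in counts.values())


def parse_cookie_header(header: str) -> Dict[str, str]:
    """Split a Cookie header into name -> value; the first '=' separates them."""
    cookies: Dict[str, str] = {}
    for part in header.split(";"):
        part = part.strip()
        if not part:
            continue
        name, _, value = part.partition("=")
        cookies[name.strip()] = value.strip().strip('"')
    return cookies


def suspicious_cookies(header: str, min_len: int = 32,
                       min_entropy: float = 4.5) -> List[str]:
    """Return the names of cookies whose values are long AND high-entropy.

    A 32-character hex token has at most 4.0 bits/char, so it stays under
    the 4.5 threshold; random base64 sits well above it.
    """
    return [
        name
        for name, value in parse_cookie_header(header).items()
        if len(value) >= min_len and shannon_entropy(value) >= min_entropy
    ]


# Constructed sample Cookie headers (hypothetical; not captured Regin traffic).
SAMPLE_HEADERS: Dict[str, str] = {
    # short values: never flagged regardless of entropy
    "benign-short": "PHPSESSID=a1b2c3d4; lang=en",
    # 32 hex chars, each digit twice: entropy exactly log2(16) = 4.0
    "benign-hex": "sid=00112233445566778899aabbccddeeff",
    # long but zero entropy
    "benign-padded": "prefs=" + "a" * 40,
    # 56 distinct base64-alphabet chars: entropy log2(56) ~ 5.8 bits/char
    "suspect-blob": "id=" + "0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrst",
}


def scan(headers: Dict[str, str]) -> Dict[str, List[str]]:
    """Run the heuristic over every sample and return {label: flagged cookie names}."""
    return {label: suspicious_cookies(header) for label, header in headers.items()}


if __name__ == "__main__":
    for label, flagged in scan(SAMPLE_HEADERS).items():
        verdict = "FLAG " + ", ".join(flagged) if flagged else "ok"
        print(f"{label:15s} {verdict}")
```

In practice the entropy test is a triage filter, not a verdict: pair it with the client's Set-Cookie history (a cookie the server never issued is a stronger signal) and with the custom TCP/UDP protocols the post also mentions, which a protocol-aware sensor would flag as unrecognised traffic on otherwise known ports.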


