Regin – The world's most sophisticated bug

Symantec, one of the world's top computer and internet security firms, has discovered what it calls the world's most sophisticated bug. The spying malware, which they have named Regin, was withdrawn in 2011 and suddenly reappeared in 2013. Regin attacks computers running Microsoft Windows and has been around since 2008.

According to Symantec, it is related to Stuxnet, which America and Israel launched in 2010 against the Iranian nuclear programme, and it has been state sponsored. The US government and private cyber intelligence firms have said they suspect state-backed hackers in China or Russia may be responsible, but there is no definitive proof of this, as its developers have gone to great lengths to cover their tracks.

Symantec said: "Regin is a multi-purpose data collection tool which dates back several years and Symantec first began looking into this threat in the fall of 2013. The malware uses several stealth features and even when its presence is detected it is very difficult to ascertain what it is doing."

According to Symantec, some of the affected targets were tricked into visiting spoofed versions of well-known websites, and the malware may also have been installed via a web browser or by exploiting an application. One computer's log files showed that Regin originated from Yahoo! Instant Messenger through an unconfirmed exploit.

Regin uses a modular approach, allowing the developers to load custom features tailored to individual targets when needed. It also includes Remote Access Trojan (RAT) features, which enable it to steal passwords, take screenshots and recover deleted files from the recycle bin.

The two diagrams below, released by Symantec, show the countries and sectors affected by Regin.

[Figure: Regin – countries affected]

[Figure: Regin – sectors affected]

It is not known why Austria, Belgium and Ireland were among the countries attacked, but targets included private companies, government entities and research institutes. Telecoms companies were also targeted so that the attackers could gain access to calls being routed through their infrastructure.
