In movies it sometimes seems that computer viruses are capable of doing anything. More often than not, that is a matter of dramatic license, but a newly discovered, complex piece of malware suggests that the truth may actually be scarier than fiction.
"Regin" is a very sophisticated piece of software. So sophisticated, in fact, that its discoverer, security firm Symantec, concludes that it can only be "a major cyber espionage tool used by a nation-state." In this sense, it is best compared to Stuxnet, which is widely believed to be software developed by Israel and the US to infect the computers involved in Iran's nuclear program.
But Regin, which Symantec began studying in 2013 but which is believed to have been in use since 2008, has a portfolio that is much, much broader than that of Stuxnet. It is powerful and modular, with a variety of functions that can be loaded on demand to do things like steal passwords, capture screenshots, monitor network traffic, recover deleted files, and more. It is not known exactly how computers are infected, but Symantec's research suggests Regin can use a variety of vectors, including counterfeit versions of popular websites, instant messaging applications and more. (The company has not yet found a vector used more than once.)
What makes Regin so insidious is that it is incredibly discreet, thoroughly cleaning up its tracks as it goes. Its files are heavily encrypted; its creators have even created a virtual file system to store much of its data, broken down into small pieces that are loaded sequentially. And its creators can remotely decide which of the spying capabilities are needed for a particular purpose and deploy only that code.
Symantec's analysis concludes that Regin is clearly designed for long-term data collection. The malware appears to have infected a variety of targets, a significant portion of which includes telecommunications and other infrastructure, as well as individuals and small businesses; NGOs and research centers are also among those affected. Infected computers have been found in ten countries to date, with the largest shares in the Russian Federation and Saudi Arabia, as well as Mexico, Ireland, India, Afghanistan, Iran, and more.
The complexity of Regin is just another sign that we have reached a time in which cyber espionage and cyber war are happening around us all the time, just below the surface, all without our knowledge.