The Worrying Origins Of The Regin Malware

3 December 2014 by Jenn Granger

A piece of malware that has apparently been in use for the best part of a decade, and which Symantec is calling ‘groundbreaking and almost peerless’, has just come to light. It’s modular and customisable, and Symantec reckon its main purpose is intelligence gathering. What’s even more interesting is that experts reckon it was born in the labs of a Western intelligence agency, which could potentially implicate the notorious NSA or even our own GCHQ.


Regin is a massively sophisticated piece of malware which, as yet, has no known victims in the Five Eyes countries (the signals-intelligence sharing alliance between the UK, US, Australia, New Zealand and Canada). The top two countries targeted were Russia and Saudi Arabia, and whilst we still don’t know for definite where it came from, some experts are saying it may have come from Western governments for surveillance purposes. The reasoning is that only a handful of countries are capable of creating something as complex as Regin; and as security firm F-Secure, who first found Regin on a Windows server inside a customer’s IT infrastructure, don’t seem to think it was China or Russia, that pretty much leaves the US, UK or Israel as the likely candidates.

It looks like it’s designed less for hoovering up mass data than for keeping an eye on a small number of targets. Apparently only around 100 victims have been found since it emerged in 2008, including government bodies and small businesses, academics and individuals. It’s made up of a whole mixed bag of badness: remote access trojan (RAT) modules that capture screenshots and take control of the mouse’s point-and-click functions, along with modules that steal passwords, monitor web activity and recover deleted files, amongst other fun things.

Microsoft haven’t commented yet, and it turns out security companies have been keeping schtum too, even though several of them, including Symantec (who have now released a whitepaper on it) and Russian firm Kaspersky, have known about it for a while. Symantec suggested they didn’t feel comfortable publishing details about it until now, and Kaspersky seem to have only published a report after they thought a competitor was going to beat them to it. Fox-IT said that they didn’t want to interfere with NSA/GCHQ business, which is an interesting response given the recent privacy debate surrounding those agencies.

As it’s highly targeted malware it’s not something most people will need to worry about, according to experts, but security firms will be adding detection for it to their products and starting to clean it up. And, as always, good security practice is encouraged!

