IT security software vendor Symantec today warned about a malicious software application — Regin — that was used to spy on private companies, governments, research institutes and individuals in 10 countries since 2008.
Symantec said its research showed that a nation state was likely the developer of the malware called Regin, or Backdoor.Regin.
The Symantec report said the Indian IT and software market accounts for 5 percent of the confirmed Regin infections. Other countries with 5 percent of infections include Afghanistan, Iran, Belgium, Australia and Palestine.
The top countries include: Russia with 28 percent, Saudi Arabia 24 percent, Mexico and Ireland 9 percent each.
The Mountain View, California-based maker of Norton anti-virus products said Regin’s design makes it highly suited for persistent, long-term surveillance operations against targets, and that the malware was withdrawn in 2011 but resurfaced from 2013 onward.
The malware uses several stealth features, and even when its presence is detected, it is very difficult to ascertain what it is doing. Symantec said many components of Regin remain undiscovered and additional functionality and versions may exist.
Almost half of all infections occurred at addresses of internet service providers. Its targets were customers of the companies rather than the companies themselves. About 28 percent of targets were in telecoms while other victims were in the energy, airline, hospitality and research sectors, Symantec said.
Symantec in its report described the malware as having five stages, each hidden and encrypted, with the exception of the first stage. It said each individual stage provides little information on the complete package. Only by acquiring all five stages is it possible to analyze and understand the threat.
Regin also uses a modular approach that allows it to load custom features tailored to targets, the same method applied in other malware, such as Flamer and Weevil (The Mask), the anti-virus company said. Some of its features were also similar to Duqu malware, uncovered in September 2011 and related to a computer worm called Stuxnet, discovered the previous year.