Sunday, November 23, 2014
Regin Trojan Enables Stealthy Surveillance: Symantec


An advanced spying tool called Regin has been spying on private companies, governments, research institutes and individuals since 2008, antivirus software maker Symantec Corp said in a report on Sunday.

Symantec researchers say that Regin, a backdoor-type Trojan, is a complex piece of malware "whose structure displays a degree of technical competence rarely seen."

As outlined in a technical whitepaper from Symantec, Backdoor.Regin is a multi-staged threat and each stage is hidden and encrypted, with the exception of the first stage. Executing the first stage starts a domino chain of decryption and loading of each subsequent stage for a total of five stages. Each individual stage provides little information on the complete package. Only by acquiring all five stages is it possible to analyze and understand the threat.

Regin also uses a modular approach, allowing it to load custom features tailored to the target.

The infection vector varies among targets. Symantec believes that some targets may be tricked into visiting spoofed versions of well-known websites and the threat may be installed through a Web browser or by exploiting an application. On one computer, log files showed that Regin originated from Yahoo! Instant Messenger through an unconfirmed exploit.

The threat’s standard capabilities include several Remote Access Trojan (RAT) features, such as capturing screenshots, taking control of the mouse’s point-and-click functions, stealing passwords, monitoring network traffic, and recovering deleted files.

Symantec also discovered more specific and advanced payload modules, such as a Microsoft IIS web server traffic monitor and a sniffer for the administration traffic of mobile telephone base station controllers.

Regin has several "stealth" features. These include anti-forensics capabilities, a custom-built encrypted virtual file system (EVFS), and alternative encryption in the form of a variant of RC5, which isn’t commonly used. Regin uses multiple sophisticated means to covertly communicate with the attacker including via ICMP/ping, embedding commands in HTTP cookies, and custom TCP and UDP protocols.

Almost half of all infections occurred at addresses of Internet service providers, the report said. It said the targets were customers of the companies rather than the companies themselves. About 28 percent of targets were in telecoms while other victims were in the energy, airline, hospitality and research sectors, Symantec said.

Symantec said Russia and Saudi Arabia accounted for about half of the confirmed infections of the Regin malware and the other countries were Mexico, Ireland, India, Iran, Afghanistan, Belgium, Austria and Pakistan.


And, as typically happens in such cases, Symantec's products detect Regin.



