Regin Trojan Enables Stealthy Surveillance: Symantec


Enterprise & IT, Nov 23, 2014

An advanced spying tool called Regin has been used to spy on private companies, governments, research institutes and individuals since 2008, antivirus software maker Symantec Corp said in a report on Sunday. Symantec researchers describe Regin, a backdoor-type Trojan, as a complex piece of malware "whose structure displays a degree of technical competence rarely seen."

As outlined in a technical whitepaper from Symantec, Backdoor.Regin is a multi-staged threat and each stage is hidden and encrypted, with the exception of the first stage. Executing the first stage starts a domino chain of decryption and loading of each subsequent stage for a total of five stages. Each individual stage provides little information on the complete package. Only by acquiring all five stages is it possible to analyze and understand the threat.

Regin also uses a modular approach, allowing it to load custom features tailored to the target.

The infection vector varies among targets. Symantec believes that some targets may be tricked into visiting spoofed versions of well-known websites and the threat may be installed through a Web browser or by exploiting an application. On one computer, log files showed that Regin originated from Yahoo! Instant Messenger through an unconfirmed exploit.

The threat’s standard capabilities include several Remote Access Trojan (RAT) features, such as capturing screenshots, taking control of the mouse’s point-and-click functions, stealing passwords, monitoring network traffic, and recovering deleted files.

Symantec also discovered more specific and advanced payload modules, such as a Microsoft IIS web server traffic monitor and a sniffer for the administration traffic of mobile telephone base station controllers.

Regin has several "stealth" features. These include anti-forensics capabilities, a custom-built encrypted virtual file system (EVFS), and alternative encryption in the form of a variant of RC5, which isn’t commonly used. Regin uses multiple sophisticated means to communicate covertly with the attacker, including ICMP/ping, commands embedded in HTTP cookies, and custom TCP and UDP protocols.
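A defender-side illustration of the ICMP channel mentioned above, added here and not taken from Symantec's whitepaper: generic hygiene checks that flag echo traffic whose payload is not an OS default fill or whose reply does not mirror its request. The `Echo` record, the 16-byte timestamp offset and the sample packets are assumptions constructed for this example and are not Regin signatures.

```python
# Added example: generic ICMP echo checks for covert-channel triage.
from typing import NamedTuple

WINDOWS_PING = b"abcdefghijklmnopqrstuvwabcdefghi"  # default Windows ping data

class Echo(NamedTuple):
    kind: str       # "request" or "reply"
    ident: int      # ICMP identifier
    seq: int        # ICMP sequence number
    payload: bytes  # echo data field

def looks_default(payload: bytes) -> bool:
    """True if the payload matches a common OS ping fill pattern."""
    if payload == WINDOWS_PING:
        return True
    # iputils-style fill (assumed 16-byte timestamp): byte at offset i holds i.
    tail = payload[16:]
    return len(tail) > 0 and all(b == (16 + i) & 0xFF for i, b in enumerate(tail))

def review(packets):
    """Return (ident, seq, reason) findings for a list of Echo records."""
    findings, requests = [], {}
    for p in packets:
        key = (p.ident, p.seq)
        if p.kind == "request":
            requests[key] = p.payload
            if not looks_default(p.payload):
                findings.append((p.ident, p.seq, "non-default request payload"))
        elif key not in requests:
            findings.append((p.ident, p.seq, "reply without request"))
        elif requests[key] != p.payload:
            # RFC 792: an echo reply returns the request's data unchanged.
            findings.append((p.ident, p.seq, "reply payload differs from request"))
    return findings

# Constructed sample traffic (not captured from any real incident).
LINUX_PING = bytes(16) + bytes(range(16, 56))
SAMPLE = [
    Echo("request", 1, 1, WINDOWS_PING), Echo("reply", 1, 1, WINDOWS_PING),
    Echo("request", 2, 1, LINUX_PING), Echo("reply", 2, 1, LINUX_PING),
    Echo("request", 3, 1, b"\x8f\x02\xc4Q\x19\xaa\x00\x7f" * 4),
    Echo("reply", 3, 1, b"\x10\xee\x93\x05\xb7\x41\x6c\xd2" * 4),
    Echo("reply", 4, 9, WINDOWS_PING),
]

if __name__ == "__main__":
    for finding in review(SAMPLE):
        print(finding)
```

Findings from checks like these are leads for packet-level review, since monitoring tools and custom ping sizes also produce non-default payloads.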

Almost half of all infections occurred at addresses of Internet service providers, the report said. It said the targets were customers of the companies rather than the companies themselves. About 28 percent of targets were in telecoms while other victims were in the energy, airline, hospitality and research sectors, Symantec said.

Symantec said Russia and Saudi Arabia accounted for about half of the confirmed infections of the Regin malware and the other countries were Mexico, Ireland, India, Iran, Afghanistan, Belgium, Austria and Pakistan.

As is typical in such cases, Symantec's products detect Regin.



Tags: trojans