Symantec uncovers malware with stealth features infecting systems since 2008


Security major Symantec has reported a sophisticated piece of malware that could have been used to spy on governments and businesses. The Symantec report suggests that the malware could have been in use since at least 2008. Symantec added that ‘Regin’ is possibly the most sophisticated espionage tool, one that could be modified and deployed depending on the target.

Symantec security experts have described Regin as extremely complex software with a wide range of capabilities and customization options. Regin could have been used for systematic spying campaigns against international targets, mainly government officials, researchers and businesses.

Based on back-door Trojan technology, Regin offers a powerful framework for mass surveillance. The Symantec report describes Regin as a multi-staged threat with a high level of encryption and customized options. During the first stage, the malware starts a chain of decryption on the infected system. The malware unfolds completely only after all five of its stages have run. Because each stage provides little information about the complete package, the threat was not easy to detect unless all five stages were analyzed.

Within an encrypted container, the malware's first and second stages act as ‘loaders’, decrypting and executing the next stage. The third stage sets up a kernel framework. In the fourth stage, the malware sets up a ‘user framework’ and various ‘kernel modules’. In the fifth stage, the malware executes payload modules. All of this was done with a high level of sophistication on the infected computer.

Symantec has listed the telecom sector (28 percent) as the most affected group, followed by the hospitality (9%), energy (5%), aviation (5%) and research (5%) sectors. The share of private individuals and small businesses affected by the Regin infection could be as high as 48 percent.

In terms of countries where the infection has been found, the Russian Federation (28%) and Saudi Arabia (24%) top the list, followed by Ireland, Mexico, India, Belgium, Iran and Pakistan.

Symantec software detects the threat as Backdoor.Regin.
