Computer spying malware uncovered with 'stealth' features: Symantec
[November 24, 2014]
(Reuters) - An advanced malicious
software application has been uncovered that since 2008 was used to spy
on private companies, governments, research institutes and individuals
in 10 countries, antivirus software maker Symantec Corp said in a
report on Sunday.
The Mountain View, California-based maker of Norton antivirus
products said its research showed that a "nation state" was likely
the developer of the malware called Regin, or Backdoor.Regin, but
Symantec did not identify any countries or victims.
Symantec said Regin's design "makes it highly suited for persistent,
long-term surveillance operations against targets," and that the malware
was withdrawn in 2011 but resurfaced from 2013 onward.
The malware uses several "stealth" features "and even when its
presence is detected, it is very difficult to ascertain what it is
doing," according to Symantec. It said "many components of Regin
remain undiscovered and additional functionality and versions may
Almost half of all infections occurred at addresses of Internet
service providers, the report said. It said the targets were
customers of the companies rather than the companies themselves.
About 28 percent of targets were in telecoms while other victims
were in the energy, airline, hospitality and research sectors,
Symantec described the malware as having five stages, each "hidden
and encrypted, with the exception of the first stage." It said "each
individual stage provides little information on the complete
package. Only by acquiring all five stages is it possible to analyze
and understand the threat."
Regin also uses what is called a modular approach that allows it to
load custom features tailored to targets, the same method applied in
other malware, such as Flamer and Weevil (The Mask), the antivirus
company said. Some of its features were also similar to Duqu malware,
uncovered in September 2011 and related to a computer worm called
Stuxnet, discovered the previous year.
Cybersecurity is a sensitive topic for businesses in the United
States, where there have been several breaches of major companies
and customer information. The U.S. government and private cyber
intelligence firms have said they suspect state-backed hackers in
China or Russia may be responsible.
Symantec said Russia and Saudi Arabia accounted for about half of
the confirmed infections of the Regin malware and the other
countries were Mexico, Ireland, India, Iran, Afghanistan, Belgium,
Austria and Pakistan.
(Reporting by Grant McCool, editing by G Crosse)
Copyright 2014 Reuters. All rights reserved. This material may not be published,
broadcast, rewritten or redistributed.