Administrator
Regin - The most powerful malware
by S2 » Sun Nov 30, 2014 1:20 pm
11/30/14
Regin - the most powerful malware
Regin (malware)
From Wikipedia, the free encyclopedia
Some descriptions from the Ref. materials:
Regin is sophisticated stealthy malware revealed by Kaspersky Lab[1] and Symantec in November 2014 that targets specific users of Microsoft Windows-based computers.[2] Kaspersky Lab says it first became aware of Regin in spring 2012, but that some of the earliest samples date from 2003.[3] (The name Regin is first found on the VirusTotal website on 9 March 2011.[4]) Among computers infected worldwide by Regin, 28 percent were in Russia, 24 percent in Saudi Arabia, 9 percent each in Mexico and Ireland, and 5 percent in each of India, Afghanistan, Iran, Belgium, Austria and Pakistan.[5] Kaspersky Lab was unable to determine the attack vector used, and said the malware's main victims are private individuals, small businesses and telecom companies. Regin has been compared to Stuxnet and is thought to have been developed by "well-resourced teams of developers," possibly a Western government, as a targeted multi-purpose data collection tool.
According to Die Welt, security experts at Microsoft gave it the name "Regin" in 2011, after the cunning Norse dwarf Regin.
Known attacks and originator of malware:
German news magazine Der Spiegel reported in June 2013 that the US intelligence National Security Agency (NSA) had conducted online surveillance on both European Union (EU) citizens and EU institutions. The information derives from secret documents obtained by former NSA worker Edward Snowden. Both Der Spiegel and The Intercept, with the help of security industry sources – who provided code samples from their investigation of the attack – and The Intercept's own technical analysis, quote a secret 2010 NSA document stating that it made cyberattacks that year, without specifying the malware used, against the EU diplomatic representations in Washington, D.C. and its representations to the United Nations.[4][14] Signs identifying the software used as Regin were found by investigators on infected machines.
The Intercept also said that in 2013 the UK's GCHQ attacked Belgacom, Belgium's largest telecommunications company.[4] These attacks may have led to Regin coming to the attention of security companies. Der Spiegel reported in November 2014, based on analysis done by IT security firm Fox IT, that Regin is a tool of the intelligence agencies of the USA and the UK. Fox IT found Regin on the computers of one of its customers, and according to their analysis parts of Regin are mentioned in the NSA ANT catalog under the names "Straitbizarre" and "Unitedrake". Fox IT did not name the customer, but Der Spiegel mentioned that among the customers of Fox IT is Belgacom and cited the head of Fox IT, Ronald Prins, who stated that they are not allowed to speak about what they found in the Belgacom network.
Study materials:
Ref:
http://en.wikipedia.org/wiki/Regin_%28malware%29
http://www.symantec.com/connect/blog...y-surveillance
http://www.zdnet.com/nation-state-sp...ed-7000036076/
https://www.virusbtn.com/blog/2014/11_24a.xml
https://firstlook.org/theintercept/2...acom-nsa-gchq/