"Investigation and Reason Give Understanding"

Backdoor Trojan Regin Spying Since 2008

A recently discovered Backdoor Trojan Regin is a computer bug found by the software security company Symantec. Its purpose is to spy on the activities taking place on computers. It can collect passwords, capture screen images and even recover deleted files.

The Backdoor Trojan Regin has been made to operate in five stages the last two being encrypted to make it very difficult to discover and understand. If any stage were to be discovered it would say little about the other stages. Two stages are specifically given over to loading each other and the other stages. You can download a comprehensive PDF file from Broadcom describing Regin in detail at this Broadcom (previously Symantec) site. Selecting this link may automatically download the regin-top-tier-espionage-tool-15-en.pdf file into your download folder and display it in your PDF reader. To get access to this file manually go to:

https://www.broadcom.com/support/security-center/publications/whitepapers

and scroll down the page to the Frequently Visited section where you will find it listed as:

Regin: Top-tier espionage tool enables stealthy surveillance

Select that link on the page to download the file.

Backdoor Trojan Regin appears to have been developed as far back as 2008 and by its sophisticated nature was probably developed by a nation state as opposed to criminals. It appears to have been withdrawn from use by its masters in 2011 and a new version reintroduced in 2013.

Regin infections have been found in the following countries:

Afghanistan
Austria
Belgium
India
Iran
Ireland
Mexico
Pakistan
Russian Federation
Saudi Arabia

All Regin infections have been shared by these sectors thus:

Airline – 5%
Energy – 5%
Hospitality – 9%
Research – 5%
Small Businesses & Private Individuals – 48%
Telecoms Backbone – 28%

The Backdoor Trojan Regin has been made extremely stealthy so that it is very hard to determine what it is up to even after discovery. It could go undetected for years. For those interested it uses RC5 encryption which isn’t commonly used.

References

Post Views: 4,740

Posted

24 November 2014

Computers, Current, Internet, Software

Helpful Colin

Tags:

encryption, RC5, Regin, spyware, symantec, trojan

Cookie	Duration	Description
cookielawinfo-checkbox-analytics	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checkbox-functional	11 months	The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checkbox-necessary	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-others	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
cookielawinfo-checkbox-performance	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".
viewed_cookie_policy	11 months	The cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.

Backdoor Trojan Regin Spying Since 2008

Regin infections have been found in the following countries:

All Regin infections have been shared by these sectors thus:

References

Comments

Leave a Reply Cancel reply