A recently discovered Backdoor Trojan Regin is a computer bug found by the software security company Symantec. Its purpose is to spy on the activities taking place on computers. It can collect passwords, capture screen images and even recover deleted files.
The Backdoor Trojan Regin has been made to operate in five stages the last two being encrypted to make it very difficult to discover and understand. If any stage were to be discovered it would say little about the other stages. Two stages are specifically given over to loading each other and the other stages. You can download a comprehensive PDF file from Broadcom describing Regin in detail at this Broadcom (previously Symantec) site. Selecting this link may automatically download the regin-top-tier-espionage-tool-15-en.pdf file into your download folder and display it in your PDF reader. To get access to this file manually go to:
and scroll down the page to the Frequently Visited section where you will find it listed as:
Regin: Top-tier espionage tool enables stealthy surveillance
Select that link on the page to download the file.
Backdoor Trojan Regin appears to have been developed as far back as 2008 and by its sophisticated nature was probably developed by a nation state as opposed to criminals. It appears to have been withdrawn from use by its masters in 2011 and a new version reintroduced in 2013.
Regin infections have been found in the following countries:
- Russian Federation
- Saudi Arabia
All Regin infections have been shared by these sectors thus:
- Airline – 5%
- Energy – 5%
- Hospitality – 9%
- Research – 5%
- Small Businesses & Private Individuals – 48%
- Telecoms Backbone – 28%
The Backdoor Trojan Regin has been made extremely stealthy so that it is very hard to determine what it is up to even after discovery. It could go undetected for years. For those interested it uses RC5 encryption which isn’t commonly used.