A recently discovered Backdoor Trojan, Regin, is a piece of malware identified by the software security company Symantec. Its purpose is to spy on the activity taking place on infected computers. It can collect passwords, capture screen images and even recover deleted files.
The Backdoor Trojan Regin has been built to operate in five stages, the last two of which are encrypted to make it very difficult to discover and understand. If any one stage were discovered, it would reveal little about the others. Two of the stages are given over specifically to loading each other and the remaining stages. A block diagram of Regin’s stages of operation can be seen at this Symantec site.
Backdoor Trojan Regin appears to have been in development as far back as 2008, and its sophistication suggests it was created by a nation state rather than by criminals. It appears to have been withdrawn from use by its operators in 2011, with a new version reintroduced in 2013.
Regin infections have been found in the following countries:
- Russian Federation
- Saudi Arabia
Regin infections break down by sector as follows:
- Airline – 5%
- Energy – 5%
- Hospitality – 9%
- Research – 5%
- Small Businesses & Private Individuals – 48%
- Telecoms Backbone – 28%
The Backdoor Trojan Regin has been made extremely stealthy, so that even after discovery it is very hard to determine what it is doing. It could go undetected for years. For those interested, it uses RC5 encryption, which is not commonly used.
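The rarity of RC5 is itself useful to defenders: a cipher that is seldom used becomes a fingerprint. The Python below is an added example, not code from this article or from Symantec’s analysis; it scans a buffer for RC5’s published 32-bit key-schedule constants (P32 and Q32) and for the precomputed S table derived from them, and the sample bytes it checks are constructed here rather than taken from Regin.

```python
import struct

# RC5's published key-schedule constants for a 32-bit word size:
# P32 = Odd((e - 2) * 2^32) and Q32 = Odd((phi - 1) * 2^32).
RC5_P32 = 0xB7E15163
RC5_Q32 = 0x9E3779B9
MASK32 = 0xFFFFFFFF

def rc5_initial_table(rounds: int) -> list:
    """S table as RC5 initialises it before key mixing: S[0] = P,
    S[i] = S[i-1] + Q mod 2^32, 2*(rounds+1) entries. Implementations
    that precompute this table embed it verbatim in the binary."""
    table = [RC5_P32]
    for _ in range(2 * (rounds + 1) - 1):
        table.append((table[-1] + RC5_Q32) & MASK32)
    return table

def _all_offsets(blob: bytes, pattern: bytes) -> list:
    out, pos = [], blob.find(pattern)
    while pos != -1:
        out.append(pos)
        pos = blob.find(pattern, pos + 1)
    return out

def scan_for_rc5(blob: bytes, window: int = 256) -> list:
    """Heuristic RC5 detector returning (kind, offset, endianness) when
    (a) P32 and Q32 both occur as immediates within `window` bytes, or
    (b) the first three precomputed S entries appear back to back.
    Q32 alone is not enough: the golden-ratio constant is also used by
    TEA/XTEA and many hash mixers, so P32 must be present as well."""
    hits = []
    first3 = rc5_initial_table(1)[:3]
    for endian, fmt in (("le", "<I"), ("be", ">I")):
        p_hits = _all_offsets(blob, struct.pack(fmt, RC5_P32))
        q_hits = _all_offsets(blob, struct.pack(fmt, RC5_Q32))
        for p in p_hits:
            if any(abs(p - q) <= window for q in q_hits):
                hits.append(("immediates", p, endian))
        table_bytes = b"".join(struct.pack(fmt, w) for w in first3)
        for t in _all_offsets(blob, table_bytes):
            hits.append(("table", t, endian))
    return hits

# Constructed sample bytes (not from Regin): filler with P32 and Q32 as
# little-endian immediates, and a clean control buffer with neither.
SAMPLE = (b"\x90" * 40 + b"\xb8" + struct.pack("<I", RC5_P32)
          + b"\x90" * 12 + b"\xbb" + struct.pack("<I", RC5_Q32) + b"\x90" * 40)
CLEAN = bytes(range(256)) * 4
```

A hit is a lead, not a verdict: confirm by locating the RC5 key expansion or round function near the reported offset before attributing the cipher.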