Symantec uncovers new computer malware, Regin

Symantec researchers find sophisticated new computer malware, called 'Regin', that is used for spying.

Published Date: 24 - Nov - 2014 | Last Updated: 24 - Nov - 2014

Security researchers at Symantec have uncovered the world’s most sophisticated computer malware, called Regin. According to the report, the malware is used for intelligence gathering and data collection on private companies, research institutes, governments and individuals in 10 countries.

Symantec says that the malware targeted telecom and Internet service providers mainly in Russia and Saudi Arabia, as well as Mexico, Ireland and Iran, although it is unclear how Regin infected the systems. Almost half of all infections occurred at addresses of Internet service providers, and the targets were customers of the companies rather than the companies themselves. About 28% of targets were in telecoms, while other victims were in the energy, hospitality, airline and research sectors, the report said.

Symantec says that the malware uses several "stealth" features "and even when its presence is detected, it is very difficult to ascertain what it is doing." It said "many components of Regin remain undiscovered and additional functionality and versions may exist."

“Regin could be customised to target different organizations and had hacked Microsoft email exchange servers and mobile phone conversations on major international networks,” the company says.

Symantec says that the malware is probably run by a Western intelligence agency and is more advanced in engineering terms than Stuxnet, which was designed by US and Israeli government hackers in 2010 to target Iran’s nuclear program.

“We are probably looking at some sort of western agency,” said Orla Cox, director of security response at Symantec, describing Regin as one of the most “extraordinary” pieces of hacking software developed, and probably “months or years in the making”.

“Sometimes there is virtually nothing left behind - no clues. Sometimes an infection can disappear completely almost as soon as you start looking at it, it’s gone. That shows you what you are dealing with,” she said.

Source: Symantec