Symantec has released a report on a piece of malware it calls "Regin". This malware has been active since at least 2008 and went undetected the whole time. According to Re/Code, who interviewed Symantec, the origin of the malware remains unclear.
The sophistication and effort put into Regin, however, make it clear that it was not made by some basement-dwelling neckbeard from 4Chan. This is the work of a large organization, possibly with government backing, built for espionage. It is reminiscent of Stuxnet, another piece of malware that Symantec analysed in depth. Stuxnet is widely reported to have been built by the US in cooperation with Israel to sabotage the Iranian nuclear programme.
The sophistication of this malware narrows the field to only the most technologically advanced countries. So, basically, the U.S. and China. Could this be another piece of malware created by the United States? Was, or is, the NSA involved?
As quoted from a Symantec blog post:
"This has been a huge spying campaign dating back at least to 2008 and maybe even as early as 2006."
One thing the NSA is known for, of course, is their huge spying campaigns.
Theories aside, Symantec published a pie chart of the countries in which Regin infections were confirmed:
Interestingly, no confirmed infections were reported in the US. The targets were instead in countries such as Russia, Iran, Afghanistan, India, Mexico and Pakistan. More evidence of the NSA, maybe?
Admittedly, no infections were reported in China either, so it remains entirely possible that Regin is of Chinese creation.
The way Regin operates is very clever. It targets Windows (Linux systems remained safe, as usual), and in principle any downloaded program could carry it: toolbars, sketchy torrents, unofficial music downloads. The only concrete lead Symantec reports, however, is one machine whose logs showed Regin arriving through Yahoo! Instant Messenger via an unconfirmed exploit; beyond that, Symantec believes some targets were lured to spoofed copies of well-known websites and infected through the browser or an application exploit. No reproducible infection vector has been found, so how Regin gets onto a computer is not yet fully known.
This infographic from Symantec shows the five-stage process by which Regin infects its host:
The download of a seemingly innocent program (hence the Trojan horse) leads to the infection of your computer. Once that program is run, the five-stage process takes effect. Stage 1 is a small driver and is the only stage stored on disk in plain text; it decrypts and loads stage 2, which in turn decrypts and loads the next, and so on in a chain reaction that takes over the system. Stages 2 to 5 exist on disk only as encrypted blobs, tucked away in places a file scanner does not normally look: the registry, NTFS extended attributes, or raw sectors at the end of the disk. Because each later stage is only ever decrypted in memory by the stage before it, a signature scanner has nothing recognisable to match, which is why the later stages went undetected for so long. Basically, there is little you can do about it yet: until anti-virus protection against this malware is widely deployed, the only thing that reliably stops it is common sense. As a result, I urge anyone to investigate the sources they download their content from.
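To make the staging concrete, here is a small added example (constructed for this article; it is not Regin's code and not anything Symantec published). It models a five-stage chain in which stage 1 is stored in clear and each later stage is stored encrypted under a key derived from the stage that loads it, then runs two checks over the stored form: a byte-signature scan, which matches only the one stage stored in clear even though every stage's code contains the marker, and a Shannon-entropy check, which flags the encrypted blobs as worth a closer look. The marker string, the stage descriptions and the SHA-256 keystream cipher are all assumptions chosen so the script runs offline; Regin's real cipher and layout are not reproduced.

```python
"""Constructed toy (not Regin's code, not Symantec's): a five-stage chain in which
stage 1 is stored in clear and every later stage is stored encrypted under a key
derived from the stage that loads it. A byte signature present in every stage's
code matches only the copy stored in clear; an entropy check flags the rest as
blobs worth investigating. The cipher is a SHA-256 keystream XOR, chosen for
self-containment; it is an assumption, not the malware's real algorithm."""
import hashlib
import math

# Hypothetical signature string an AV vendor might ship for the stage-1 loader.
STAGE1_SIGNATURE = b"REGIN-LIKE"


def shannon_entropy(data: bytes) -> float:
    """Bits per byte: ASCII text sits around 4-5, encrypted or compressed data near 8."""
    if not data:
        return 0.0
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in counts if c)


def keystream(key: bytes, n: int) -> bytes:
    """SHA-256 in counter mode; stands in for the malware's real cipher (assumption)."""
    out = bytearray()
    counter = 0
    while len(out) < n:
        out += hashlib.sha256(key + counter.to_bytes(4, "big")).digest()
        counter += 1
    return bytes(out[:n])


def xor_with_keystream(data: bytes, key: bytes) -> bytes:
    """Symmetric: the same call encrypts and decrypts."""
    return bytes(a ^ b for a, b in zip(data, keystream(key, len(data))))


def build_chain(stages: list[bytes]) -> list[bytes]:
    """On-disk form: stages[0] in clear, stages[k] encrypted under SHA-256(stages[k-1])."""
    stored = [stages[0]]
    for prev, plain in zip(stages, stages[1:]):
        stored.append(xor_with_keystream(plain, hashlib.sha256(prev).digest()))
    return stored


def unwrap_chain(stored: list[bytes]) -> list[bytes]:
    """What the running malware does: each decrypted stage yields the key for the next."""
    plains = [stored[0]]
    for blob in stored[1:]:
        plains.append(xor_with_keystream(blob, hashlib.sha256(plains[-1]).digest()))
    return plains


def signature_hits(stored: list[bytes]) -> list[int]:
    """1-based stage numbers whose stored bytes contain the signature."""
    return [i + 1 for i, s in enumerate(stored) if STAGE1_SIGNATURE in s]


def high_entropy_stages(stored: list[bytes], threshold: float = 7.5) -> list[int]:
    """1-based stage numbers whose stored bytes look encrypted (entropy above threshold)."""
    return [i + 1 for i, s in enumerate(stored) if shannon_entropy(s) > threshold]


def sample_stages() -> list[bytes]:
    """Constructed stand-ins for the five stages; every one carries the marker string."""
    roles = [
        "stage 1: driver, decrypts and loads stage 2",
        "stage 2: driver, decrypts and loads stage 3",
        "stage 3: kernel framework, decrypts and loads stage 4",
        "stage 4: user-mode framework and encrypted container",
        "stage 5: payload modules (illustrative only)",
    ]
    return [(STAGE1_SIGNATURE + b" " + r.encode() + b"\n") * 64 for r in roles]


if __name__ == "__main__":
    stored = build_chain(sample_stages())
    for k, blob in enumerate(stored, start=1):
        print(f"stage {k}: entropy {shannon_entropy(blob):.2f} bits/byte, "
              f"signature {'found' if STAGE1_SIGNATURE in blob else 'absent'}")
    print("signature scan sees stages:", signature_hits(stored))
    print("entropy check flags stages:", high_entropy_stages(stored))
    assert unwrap_chain(stored) == sample_stages()
```

The entropy check is a heuristic, not a detection: compressed archives and legitimate encrypted files score just as high, so in practice it is applied to data found where no data should be (registry blobs, extended attributes, unallocated sectors) rather than to the whole disk.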
Many undiscovered instances of Regin are still floating around on the net, waiting for their next victim. Just because it is known now does not mean other variants of the malware do not exist. Remember, the minds behind this thing are clever, and they can probably morph Regin into a new strain leagues more effective than this one. Even now, Symantec admits: "Even when its presence is detected, it is very difficult to ascertain what it is doing."
So, what do you think? Is Regin a top-secret NSA, CIA or Chinese creation? Or was it created by a criminal underground in order to collect information on potential victims?
I will keep this article updated as more information becomes available.
UPDATE: Regin has since been linked to GCHQ and NSA spying operations.
© 2014, insidious All Rights Reserved.