Regin Malware

New malware is on the horizon and it is a dangerous bug to have. Symantec, a computer security company, has recently discovered a new type of malware that has been hiding rather well. According to their report Regin Malware, is now the reigning king of Trojans that can infect numerous computers without the user ever knowing. Symantec reported the malware program dates back to 2008. It has linked it with a nation state that is using it to spy on governments and businesses. However, the country responsible is not known. Symantec believes those in the USA, Israel or China have the capability of building this Trojan malware, but has yet to find the exact designer.

Regin Malware has numerous capabilities depending on the computer being targeted. It is able to control the framework for mass surveillance. It is already attributed with spying against governments, businesses, infrastructure operators, researchers, and key private individuals.

Mobile Spread Could Bloom

Worry is increasing over such Trojans as Regin Malware given their ability to infect about every computer anywhere in the world, including a host of mobile devices. While, speculation about the designer of this malware is still ongoing, it will spread rapidly unless something is done.

Hackers are escalating their reach into private devices, particularly of Android users. There is an opinion that Apple iOS is less open to Trojans like Regin Malware, but nevertheless one has to be worried about the escalating numbers of infected devices. According to one study by F-secure between 2010 and 2012 the number of mobile devices with any malware is up 66.7 percent. The attack numbers are up by 96 on Android mobile devices alone, meaning that Android is attacked more.

F-Secure states the availability of Android systems throughout the world is the reason for the higher percentage. It is a more open system plus it is easy to download an App that can be infected. In fact the attributing factor by F-Secure is the number of Apps devised for Android that need to work on multiple devices. The creators of a hacker app can get their work out there quickly. Apple has stricter rules about Apps, which is seen as limiting the ability to create a malware laden App to Apple users.

The Details of Regin

Regin is what the security world calls, a backdoor Trojan. It can also be called a remote access Trojan. The malware is let into your computer and then it opens a backdoor on your security allowing hackers to get in. They are able to remotely access your computer to make it do things they want such as breaching secure files. It is the most dangerous type of Trojan because only the first stage is actually noticeable.

The first stage will start a domino effect in the infected computer. The first stage will start decryption, while the next five stages of Regin will open up the information package hidden in the computer. A dropper is first released, with stage one as the loader. A decryption occurs so the next stage loader can occur until stage three were a kernel seed is sent into the framework, which then unlocks stage four where kernels are sent out into more computers and more security is unlocked until the last stage. The last stage is considered the payload where all the sensitive material is unlocked and shared with the hacker.

The Percentage of Infection

Regin started in 2008 and abruptly left the market in 2011. Yet, there have been new versions of the software in recent years starting in 2013. Private individuals and small businesses have seen the most effect from the malware virus with a whopping 48% infected. Telecoms backbone infrastructure has been affected by 28%. Hospitality industries are at 9% infected, with energy, airlines, and research all at 5% infected. This makes up the mathematical pie of 100% infection.

Further details show that the Russian Federation was affected most at 28%, with Saudi Arabia at 24%. Mexico and Ireland are both 9% each, with India, Afghanistan, Iran, Belgium, Austria, and Pakistan each being infected by 5%. The pie shows that Israel, China, and the US are not affected enough by the Trojan, which is perhaps why the creator of Regin could be in one of those countries.

Ali Bitazar is Network Security Expert