1. Regin. /ˈreɪɡɪn/ 1. (Norse myth) a dwarf smith, tutor of Sigurd, whom he encouraged to kill Fafnir for the gold he guarded.

Regin is essentially a murderous dwarf who is caught/killed by his own greed. This Norse mythology is at the core a description of the Regin virus that has injected itself across the globe and today has finally been brought to light by Symantec and Kaspersky researchers. The Regin cybvervirus is a virus that has been tracked over the course of the past few years by security firms like Symantec, Kaspersky and McAfee, but they simply did not have enough data to build the whole picture of the computer virus’ scope nor its target. As a result, this research has been going on for quite some time and today multiple security companies have published their findings on the Regin malware and what it seeks to accomplish once it has infected a system.

According to Symantec’s research, Regin is being used as a covert espionage tool to go after very specific targets and infect them at a very deep level to either gain access to information or to gain access to a user of that network’s information. They say that Regin is a very complicated and highly encrypted piece of malware that hides its final form from anyone looking to find it unless they have access to all five stages of the malware’s unpacking. They detail the process in their technical whitepaper but it is essentially a multi-stage virus that hides its ultimate target and execution unless users can obtain every form/stage of the virus’ unpacking until it becomes the final payload.

This multi-stage approach is similar to what was seen from Duqu and Stuxnet and is once again very likely to be a sovereign-built piece of malware from some government. And as you can see, the targets that it goes after are very broad and appear to be focused mostly developing countries with Russia, Belgium and Germany being the exceptions. Those countries according to Kaspersky are:

Algeria
Afghanistan
Belgium
Brazil
Fiji
Germany
Iran
India
Indonesia
Kiribati
Malaysia
Pakistan
Russia
Syria

However, if you use Symantec’s data, the list of countries actually expands to include Saudi Arabia, Austria, Ireland and Mexico.

Regin Countries

Additionally, Kaspersky discovered a strong attack on GSM networks, especially in the case of Belgium where an entire operator was infiltrated by this malware and had publicly announced that they had been attacked, but were not aware of the perpetrator nor the target. What’s interesting, however, is that both Kaspersky and Symantec had discovered that this malware’s structure and payload delivery system (the mutli-stage approach) were specifically designed to obscure the malware’s existence and once it had infected a system it was designed to be inconspicuous as it continued to linger on the infected system, making detection incredibly difficult.

The post Regin: Stuxnet's Best Spying Malware Cousin appeared first on VR World.

1. Regin. /ˈreɪɡɪn/ 1. (Norse myth) a dwarf smith, tutor of Sigurd, whom he encouraged to kill Fafnir for the gold he guarded.

Regin is essentially a murderous dwarf who is caught/killed by his own greed. This Norse mythology is at the core a description of the Regin virus that has injected itself across the globe and today has finally been brought to light by Symantec and Kaspersky researchers. The Regin cybvervirus is a virus that has been tracked over the course of the past few years by security firms like Symantec, Kaspersky and McAfee, but they simply did not have enough data to build the whole picture of the computer virus’ scope nor its target. As a result, this research has been going on for quite some time and today multiple security companies have published their findings on the Regin malware and what it seeks to accomplish once it has infected a system.

According to Symantec’s research, Regin is being used as a covert espionage tool to go after very specific targets and infect them at a very deep level to either gain access to information or to gain access to a user of that network’s information. They say that Regin is a very complicated and highly encrypted piece of malware that hides its final form from anyone looking to find it unless they have access to all five stages of the malware’s unpacking. They detail the process in their technical whitepaper but it is essentially a multi-stage virus that hides its ultimate target and execution unless users can obtain every form/stage of the virus’ unpacking until it becomes the final payload.

This multi-stage approach is similar to what was seen from Duqu and Stuxnet and is once again very likely to be a sovereign-built piece of malware from some government. And as you can see, the targets that it goes after are very broad and appear to be focused mostly developing countries with Russia, Belgium and Germany being the exceptions. Those countries according to Kaspersky are:

Algeria
Afghanistan
Belgium
Brazil
Fiji
Germany
Iran
India
Indonesia
Kiribati
Malaysia
Pakistan
Russia
Syria

However, if you use Symantec’s data, the list of countries actually expands to include Saudi Arabia, Austria, Ireland and Mexico.

Regin Countries

Additionally, Kaspersky discovered a strong attack on GSM networks, especially in the case of Belgium where an entire operator was infiltrated by this malware and had publicly announced that they had been attacked, but were not aware of the perpetrator nor the target. What’s interesting, however, is that both Kaspersky and Symantec had discovered that this malware’s structure and payload delivery system (the mutli-stage approach) were specifically designed to obscure the malware’s existence and once it had infected a system it was designed to be inconspicuous as it continued to linger on the infected system, making detection incredibly difficult.

The post Regin: Stuxnet's Best Spying Malware Cousin appeared first on VR World.

Anti Virus firms Symantec and Kaspersky have been removed from China’s official list of anti-virus vendors approved to sell to the government and state-owned corporations, continuing a trend of creating a hostile market for foreign technology companies.

The removal of these two companies from the list leaves only five, which, uncoincidentally, all all Chinese firms: Qihoo 360 Technology, Venustech, CAJinchen, Beijing Jiangmin, and Rising remain on the list. Last year, the list, which comes via a procurement bureau for government agencies had many recognizable foreign brands including ESET, Panda Security and Trend Micro.

But while Symantec and Kaspersky are no longer allowed to sell to China government agencies, products from the two companies are not directly banned in-country.

“It is important to note that this list is only for certain types of procurement and Symantec products are not banned by the Chinese government,” a Symantec spokesperson said in a release.

Privately, China’s Public Security Ministry has alleged that Symantec has placed backdoors in its software for electronic eavesdropping — a charge that Symantec has publicly outright denied.

“Symantec does not put hidden functionality or back doors into any of its technologies -– not for the NSA or any other government entities,” a Symantec spokesperson is quoted in a statement first published by Bloomberg.

It appears that regional level governments are still allowed to purchase software made by the two companies. It’s not clear if China’s many state-owned enterprises — which include every major telecom, bank, shipbuilding, mining and construction company — are banned from procuring the software.

The announcement first came from the Twitter feed of the People’s Daily, a newspaper which is largely seen as a mouthpiece for the Communist party.

Govt procurement agency has excluded Symantec & Kaspersky fm a security software supplier list, all 5 in are fm China pic.twitter.com/cSqCxVN0jI

— People’s Daily,China (@PDChina) August 3, 2014

Attacks against Western consumer product companies in China from state media began last year with Apple targeted for its warranty practices, but in a post-Edward Snowden world the tempo increased in 2014 and changed to specifically target technology companies.

The post China Government Targets Symantec, Kaspersky appeared first on VR World.