Regin
Malware
Regin is a complex strain of back-door Trojan malware that uses a multi-staged, modular
approach to infect its targets in order to monitor user activity and steal
data.
Regin was discovered in a variety of organizations between
2008 and 2011; it then disappeared until 2013, when a new version resurfaced.
The attack vector varies depending on the target, but it is believed that some victims are tricked into visiting fake versions of well-known websites, after which the malware is installed through the browser or an application. There has also been an unconfirmed instance in which the infection originated from Yahoo Instant Messenger.
Regin can conduct a wide range of operations once it infects a system, including capturing screenshots, taking control of mouse functions, stealing passwords, monitoring network traffic and recovering deleted files.
With highly customizable capabilities stemming from the modular design, Regin
is geared toward monitoring individuals or organizations for long periods of
time and has been used as an advanced persistent threat in spying
operations against government organizations, infrastructure operators,
businesses, researchers and individuals.
Regin malware uses a five-stage approach in which every stage except the first is hidden and encrypted. The stages depend on one another to function.
The first stage installs and configures the internal services and is the only stage that is plainly visible on the system. The later stages deliver the main payloads, which are stored as encrypted data blobs, either as a file or within a non-traditional file storage area. Individually, each stage contains little information about the complete process, so the threat can only be analyzed and understood if all stages are visible at the same time. This multi-stage architecture is similar to that of Stuxnet and Duqu.
Regin uses a command-and-control infrastructure, which
helps it avoid detection. It relies on legitimate communication channels, such
as custom TCP and UDP
protocols and embedded commands in HTTP cookies, to help it covertly communicate
with its user(s).
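The paragraph above notes that Regin can carry its commands inside HTTP cookies. One defensive response is to look for cookie values that do not resemble ordinary session tokens, for example values that are unusually long and high-entropy. The following is an added example written for this page; it is not code from the original article or from any Regin analysis. It assumes a simple constructed proxy log format (timestamp, client, method, host, then the Cookie header) and uses constructed sample lines, and its length and entropy thresholds are illustrative assumptions that would need tuning against a site's real traffic.

```python
import math
import re
from collections import Counter, defaultdict

# Constructed sample proxy log lines; they are not real Regin traffic.
# Assumed format: timestamp client method host "Cookie:" cookie-header
SAMPLE_LOG = """\
2015-04-01T10:00:01Z 10.0.0.5 GET example.test Cookie: session=abc123; lang=en
2015-04-01T10:00:07Z 10.0.0.5 GET example.test Cookie: session=abc123; lang=en
2015-04-01T10:01:13Z 10.0.0.9 GET cdn.example.test Cookie: id=0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef
2015-04-01T10:02:20Z 10.0.0.9 GET cdn.example.test Cookie: id=fedcba9876543210fedcba9876543210fedcba9876543210fedcba9876543210
"""

LINE_RE = re.compile(r"^(\S+) (\S+) (\S+) (\S+) Cookie: (.*)$")


def shannon_entropy(value: str) -> float:
    """Bits of entropy per character of the string; 0.0 for an empty string."""
    if not value:
        return 0.0
    counts = Counter(value)
    n = len(value)
    return -sum((c / n) * math.log2(c / n) for c in counts.values())


def parse_cookies(header: str) -> dict:
    """Split 'a=b; c=d' into a dict; a part without '=' gets an empty value."""
    cookies = {}
    for part in header.split(";"):
        part = part.strip()
        if not part:
            continue
        name, _, value = part.partition("=")
        cookies[name.strip()] = value.strip()
    return cookies


def find_suspicious_cookies(log_text: str, min_len: int = 32,
                            min_entropy: float = 3.5) -> list:
    """Return (client, host, cookie_name, entropy) for each cookie value that is
    at least min_len characters long and has at least min_entropy bits/char.
    The thresholds are assumed starting points, not values from the article."""
    findings = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # skip lines that do not match the assumed format
        _ts, client, _method, host, header = m.groups()
        for name, value in parse_cookies(header).items():
            if len(value) >= min_len:
                ent = shannon_entropy(value)
                if ent >= min_entropy:
                    findings.append((client, host, name, round(ent, 2)))
    return findings


def clients_by_finding_count(findings: list) -> dict:
    """Count flagged cookies per client so triage can start with the noisiest host."""
    counts = defaultdict(int)
    for client, _host, _name, _ent in findings:
        counts[client] += 1
    return dict(counts)


if __name__ == "__main__":
    hits = find_suspicious_cookies(SAMPLE_LOG)
    for hit in hits:
        print("suspicious cookie:", hit)
    print("per-client counts:", clients_by_finding_count(hits))
```

Run stand-alone, the script flags both 64-character hexadecimal cookie values from client 10.0.0.9 and leaves the short session cookie alone. Entropy alone is a weak signal (legitimate tokens are also random), so in practice the finding is useful as a pivot: compare the flagged value against the cookies that host normally sets, and check whether the value changes on every request from the same client.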
The majority of Regin infections have occurred within small businesses and individuals. Other targets include telecom companies. The attacks have been geographically diverse, spreading across ten countries, mainly Russia and Saudi Arabia.
Regin malware has been linked to the U.S., UK and Israeli
governments as part of long-term government-sponsored cyber-espionage
campaigns.
This was first published in April 2015
Contributor(s): Madelyn Bacon