Tuesday, May 26, 2015

Netiquette IQ Technical Term Of The Day - Regin Malware - A Devious Trojan

From whatis.com

Regin Malware 

Regin is a complex strain of back-door Trojan malware that uses a multi-staged, modular approach to infect its targets in order to monitor user activity and steal data.
Regin was discovered in a variety of organizations between 2008 and 2011; it then disappeared until 2013, when a new version resurfaced. The attack vector varies depending on the target, but it is believed that some victims are tricked into visiting fake versions of well-known websites, and the malware is then installed through the browser or an application. There has also been one unconfirmed instance in which the infection originated from Yahoo Instant Messenger.

Regin can conduct a wide range of operations once it infects a system, including screenshot-capturing, taking control of mouse functions, stealing passwords, monitoring network traffic and recovering deleted files. With highly customizable capabilities stemming from the modular design, Regin is geared toward monitoring individuals or organizations for long periods of time and has been used as an advanced persistent threat in spying operations against government organizations, infrastructure operators, businesses, researchers and individuals.

Regin malware uses a five-stage approach in which every stage except the first is hidden and encrypted. Each stage depends on the others to function.

The first stage handles the installation and configuration of the internal services; it is the only stage plainly visible on the system. The later stages distribute the main payloads, which are stored as encrypted data blobs, either as a file or within a non-traditional file storage area. Individually, each stage contains little information about the complete process, so the threat can only be analyzed and understood when all stages are visible at the same time. This multi-stage architecture is similar to that of Stuxnet and Duqu.

Regin uses a command-and-control infrastructure that helps it avoid detection. It relies on legitimate-looking communication channels, such as custom TCP and UDP protocols and commands embedded in HTTP cookies, to communicate covertly with its operator(s).

The majority of Regin infections have occurred in small businesses and among individuals. Other targets include telecom companies. The attacks have been geographically diverse, spreading across ten countries, mainly Russia and Saudi Arabia.

Regin malware has been linked to the U.S., UK and Israeli governments as part of long-term government-sponsored cyber-espionage campaigns.

This was first published in April 2015
Contributor(s): Madelyn Bacon
Good Netiquette to all!