YIBADA

Symantec Discovers Nearly Undetectable Espionage Malware

| Nov 24, 2014 05:10 AM EST

Computer-cables--wires--technology-jpg.jpg

Symantec, a cybersecurity firm known for the Norton Antivirus software, discovered a new sophisticated, complex and nearly undetectable malware named "Regin."

According to Symantec, the back-door Trojan virus was detected in the computer networks of governments, businesses, research institutions, private individuals and infrastructure operators.

Symantec said that the Regin malware has been deployed as early as 2008, with almost no trace.

The first version of the malware was found to be deployed between 2008 and 2011, but it disappeared thereafter. In 2013, the second upgraded 64-bit version of Regin resurfaced.

Symantec calls the malware "Backdoor.Trojan.Gr" and puts the detection date to Dec. 12, 2013. Since then, the cybersecurity firm did not know much until recently.

According to the California-based firm, the malware can be used to steal passwords, capture screens and steal private files even if it is deleted already. Symantec also believes that the Regin malware has a custom-built encrypted virtual file system, which makes it difficult to be detected by the average anti-malware programs.

Symantec posited that Regin might have been developed for top-level espionage by a government as traces of the malware have been found in many countries such as Afghanistan, Austria, Belgium, India, Ireland, Iran, Pakistan, Saudi Arabia and Russia, where 28 percent of Regin attacks were recorded.

Surprisingly, no traces of Regin were found in the U.S., which spawned rumors that the highly complex malware was developed in America.

"Its low-key nature means it can potentially be used in espionage campaigns lasting several years," a statement from Symantec said.

The Regin malware was compared to Stuxnet, another advanced form of backdoor virus that was used for espionage, that was discovered in 2010.

Most Popular

EDITOR'S PICK