In case you need another confirmation that the internet is not safe, Symantec today published a detailed report on a sophisticated form of spyware known as Regin.
This spyware isn't just another threat in the ever-growing list of malware. Symantec says that this malware "displays a rare degree of technical skill." The researchers state that Regin is similar to the Stuxnet worm, also discovered by Symantec in 2010; Stuxnet was used for attacks on Iran's nuclear facilities.
The company's conclusion about Regin is that this tool has been developed by a state with significant technological means. Symantec says:
"It is possible that its development took months, if not years, to complete and its authors have made great efforts to cover their tracks. Regin's capabilities and level of resources show that it is one of the main cyberespionage tools used by a state."
Regin has been around since at least 2008, operating as a back-door Trojan, and has been used against governments, Internet service providers, telecommunications companies, researchers, businesses, and individuals, Symantec reports. Regin hits computers running Windows and runs in five stages, giving the attacker a "powerful framework for mass surveillance." It also gives attackers the flexibility to customize packages within the malware.
Symantec points to Saudi Arabia and Russia as primary targets of Regin spyware. However, infections have also been observed in other countries such as Mexico, Iran, Afghanistan, India, Belgium and Ireland. Most of the infections came from visits to "spoofed versions of well-known websites," Symantec says, and in one case the infection came from Yahoo! Messenger.
In an interview with Re/Code, Symantec security researcher Liam O'Murchu said they know for sure it was created by some technologically advanced country. Of course, there are two obvious suspects, the US and China, but no one can say for sure.