Innovative and incomparable ‘Regin’ malware

By Gregory Wallace

NEW YORK (CNNMoney) – Experts don’t know where it came from, and they’re not quite sure what it does.

But they do know this: a newly discovered cybersecurity threat doesn’t work like the usual theft of your credit card. It appears to be a government spy tool and is “innovative and almost incomparable.”

According to Symantec, the cybersecurity company that makes Norton antivirus, the Regin malware, as it has been dubbed, has been lurking on computers around the world for almost six years now.

“The capabilities and level of resources behind Regin indicate that it is one of the main computer espionage tools used by a nation-state,” Symantec said Sunday, explaining that “its development took months, if not years, to complete.”

The researchers provided little information to answer some key questions: Who designed it? How much has it spread? What does it steal? What are the risks?

They said Regin has been discovered in at least 10 countries and was most strongly concentrated in Russia and Saudi Arabia.

The United States was not among the countries Symantec listed.

The malware was installed on corporate computers around the world, but what it was looking for was not a business secret. When a target was selected, it searched airline computers to find where the target was traveling. It scanned hotel computers to find the target's room number. And it also used telecommunications computers to see who the target was talking to.

“They were trying to get intelligence, not intellectual property,” said Symantec analyst Vikram Thakur.

Symantec said the malware is well hidden and has various levels of protection. It uses multiple types of encryption, for example, and can communicate with the hacker who implemented it in a number of different ways.

It also uses a “modular” structure that hides deeper layers of the malware, making it “very difficult to determine what it is doing,” the researchers said.

In that sense, it is similar to the Stuxnet computer worm, which, in the opinion of many, is a weapon designed by the United States against the Iranian nuclear program. Iran is one of 10 countries where Symantec says it found the Regin malware.

“Its discreet nature means that it can possibly be used in spy campaigns lasting several years,” he wrote, and the additional components will likely “remain unknown.”

CNNMoney’s Jose Pagliery contributed to this report.