“Advanced malware affected Belgium, among others” – update 2




Researchers at Symantec have discovered spying malware that probably comes from a government and that reportedly affected computers in Belgium, among other countries. Among other things, the malware was able to steal files.

Five percent of confirmed infections of the advanced malware took place in Belgium; most infections took place in Russia and Saudi Arabia, with 28 and 24 percent respectively. The Symantec researchers do not specify which country would be behind the malware, but it is notable that no infections had occurred in the United States.

The malware, which the researchers named Regin, is modular according to the researchers. As a result, its activities can be adjusted per victim. Among other things, the malware is said to be able to steal passwords, take screenshots, take over the mouse and intercept network traffic; the usual features of a spying trojan. Regin is also said to be able to retrieve deleted files.

Regin is said to be distributed through spoofed versions of well-known websites, among other methods by exploiting security problems. In one case, the malware is said to have been distributed through a vulnerability in Yahoo Messenger, although the researchers state that they were not able to verify that problem.

The makers of the malware reportedly did their best to make sure it was not discovered. To that end, the software was, for example, encrypted with an unusual cryptographic algorithm, and the malware even had its own encrypted file system on board. The makers reportedly communicated with the malware in unusual ways, including through commands hidden in cookies and ping messages.

Update, 16:05: According to security researcher Mikko Hypponen of F-Secure, the malware may have been used to hack the Belgian data protection professor Jean-Jacques Quisquater. It was previously revealed that the cybercrime professor was reportedly hacked by the NSA. That is an indication that the Regin malware was set up by the NSA.

Update, 16:16: The malware was used in attacks on the European Parliament and Belgacom, writes Wired.

Update, 16:36: According to Ronald Prins of security firm Fox-IT, the malware comes from the NSA and its British counterpart GCHQ.

