Symantec has identified two distinct versions of Regin, but hasn't been able to identify a reproducible infection vector, although it speculates infected Web sites may download it through Web browser exploits or by exploiting applications. On one computer, log files show that Regin originated from Yahoo Instant Messenger through an unconfirmed Exploit," the report says.
Symantec says it started investigating Regin last fall. "The level of sophistication and complexity of Regin suggests that the development of this threat could have taken well-resourced teams of developers many months or years to develop and maintain," Symantec says.
Sign up for CIO Asia eNewsletters.