
Regin malware linked to attacks on Belgacom, well-known cryptographer

Jeremy Kirk | Nov. 26, 2014
After Symantec blew the lid on Regin on Sunday, computer security experts and companies are revealing information that has led to suspicions that the U.S. and U.K. are involved.

Other computer security companies have been less direct about Regin's creator. Symantec maintained that it believed Regin was of such clever engineering that it must have been developed by a nation-state, but it stopped short of naming one.

In a statement on Monday, Symantec said it has not found any identifiers in Regin's code that indicate its origin and that "we do not have sufficient evidence to attribute it to any particular state or agency."

The Finnish computer security company F-Secure saw an early version of Regin in 2009 and also shied away from naming a country.

But Antti Tikkanen, director of security response at F-Secure Labs, wrote in a blog post: "Our belief is that this malware, for a change, isn't coming from Russia or China."

F-Secure found Regin on a server run by one of its customers in northern Europe. The server was occasionally crashing and showing the Blue Screen of Death, Tikkanen wrote. The cause was a driver that turned out to be a rootkit and an early Regin variant.

Mikko Hypponen, F-Secure's chief research officer, wrote on Twitter that F-Secure added detection for Regin, but didn't write about it publicly due to customer confidentiality concerns.

Hypponen maintained that F-Secure added detection for Regin in its products and that "no customer (and no government) has ever asked us not to add detection on some specific malware."

Microsoft also picked up on Regin, adding an entry for a variant into its database of malware on March 9, 2011. The entry, however, contains no technical data.
