The biggest malware story of the week isn’t directly affecting American businesses or government – at least not yet.
Earlier this week, Symantec announced the discovery of a Trojan the company dubbed Regin. It’s a back-door Trojan that is being used primarily for espionage and surveillance. Researchers are also calling it one of the most sophisticated pieces of malware they’ve seen yet and it can be customized to specific targets. Jeff Goldman at eSecurity Planet explained more about Regin:
Different modules allow attackers to capture screenshots, take control of the mouse's point-and-click functions, steal passwords, monitor network traffic, recover deleted files, monitor Microsoft IIS Web server traffic, and monitor mobile phone base station controller traffic.
Not surprisingly, a lot of questions are swirling about Regin, such as who created it, how long has it been out there, and why did it take so long to be discovered? It appears that it was developed by someone in a Western country, most likely the United States or within the United Kingdom. Symantec reported that the malware has been around since 2008, and researchers have been monitoring it for a while. That it took so long for the information to be released about Regin has security writers like Thomas Fox-Brewster at Forbes wondering if the delayed response is creating greater risk.
While Regin has not yet been found on American computers, Chris Messer, vice president of technology at Coretelligent, warned in an email to me that we can’t become complacent. If Regin is reverse-engineered, Messer pointed out, there’s risk that it could be used against our own government to steal sensitive information. He added:
The security implications with this discovery are quite clear - our intelligence agencies and those of our allies have incredibly powerful and sophisticated tools and methodologies at their disposal to spy on enemies. While these are absolutely necessary capabilities to have in our digital age, they also come with great risk and responsibility to be controlled and leveraged in a judicious manner. It’s naïve to think that these tools couldn’t be easily re-purposed or re-deployed against our allies, or even against individual business leaders, political targets or citizens.
I have little doubt that other sophisticated spying malware tools are out there. Cyberespionage isn’t a topic that is addressed very well yet; we’re still too busy trying to figure out how to keep hackers from stealing our credit card information during the shopping season. What Regin shows us is that governments are stepping up their games, and security detection has to do the same.
Sue Marquette Poremba has been writing about network security since 2008. In addition to her coverage of security issues for IT Business Edge, her security articles have been published at various sites such as Forbes, Midsize Insider and Tom's Guide. You can reach Sue via Twitter: @sueporemba