SoylentNews is people

posted by janrinok on Saturday November 29 2014, @01:12PM
from the its-only-illegal-if-we-do-it dept.

Sophisticated malware called Regin has been discovered by Symantec and Kaspersky Labs.

PC Authority reports

Regin makes use of multiple stages to complete its attack. Once the victim is duped into loading the trojan application, by sending you an email with an infected attachment, it will download encrypted components needed for the attack. This allows the trojan to be easily adapted remotely, which makes it difficult for any anti-malware software to keep up.

Regin is more cunning still. As each component is downloaded, decrypted and activated, it then downloads another component. Each potentially different and very difficult to detect. Eventually it installs a kernel, the core application that runs the malware. It then loads its own “user framework”, a collection of applications and system calls that talk to the kernel. All this enables Regin to access data on the attacked computer and spy as it is directed to.

Regin seems to be the Swiss army knife of malware, adapting to the user and the intended attack, adding different tools and resources in a stealthy stepwise manner. One victim gets one unique set of tools, and another victim gets a completely different set.

The tools Regin deploys include key loggers (recording which buttons on the keyboard are pressed), mouse-click monitors, network-traffic monitoring, screen capturing software and tools that log messenger chats.

This multi-staged attack has the hallmarks of a complex, capable agency. The suspicion is that a western intelligence agency is behind Regin. The release pattern suggests that the period between 2008 and 2011 was used for field trials. Since then attacks have been highly targeted. Russia and Saudi Arabia top the list of those attacked so far.

Mashable reports

Security researchers at Symantec have called Regin "peerless" and "groundbreaking," and it might be the most advanced malware campaign ever uncovered, a peek into the future of espionage and surveillance.

It's not only a computer virus or malware, but also a toolkit or platform that can be used for different purposes, depending on the needs of the attackers. It can collect passwords, retrieve deleted files, and even take over entire networks and infrastructures, according to researchers.

It's a toolkit that is made of various pieces, and that unfolds in five different stages, making it extremely hard to detect. In one of its stages, Regin disguises itself as legitimate Microsoft software to fool targets and avoid detection.

Kaspersky also detailed a "mind-blowing" attack against another unnamed Middle East country, in which Regin completely took over the networks of the country's Presidential office, a research center, an educational institute, a mathematics institute, and a bank.

Regin also hit several other countries: Algeria, Afghanistan, Belgium, Brazil, Fiji, Germany, Iran, India, Indonesia, Kiribati, Malaysia, Pakistan, Russia, Syria, according to Kaspersky.

 