The New Stuxnet Discovered Called Regin How Does It Work?

Updated 11/25/2014

Symantec researchers discovered "the new Stuxnet", but it has been in operation since at least 2006. Obviously a highly advanced spying tool, better than the best malware out there. If you look at the times the code was put together it is clear that this is built in the UK with perhaps some help from the NSA.

Symantec published a 22-page report and blog post on the Regin malware, which it described as a powerful cyberespionage platform that can be customized depending on what type of data is sought.

If Regin does turn out to have been active and hidden for 8 years, the discovery means that nation states are still having a 100% success rate in avoiding all antivirus products, which is very bad news for companies trying to protect their networks and crown jewels.

Symantec has been quietly trying to analyze this critter for the last 12 months. It has five separate stages, each one depending on the previous stage to be decrypted. It also uses peer-to-peer communication, which avoids using a centralized command-and-control system to exfiltrate stolen data.

It's also not clear yet how users become infected with Regin. Symantec figured out how just one computer became infected so far, which was via Yahoo's Messenger program. Possibly the user was a victim of social engineering, but it could just as well be a zero-day in Messenger itself which infects a PC without any interaction from the user. In any case, stepping your users through effective security awareness training is a very good idea with malware like this out there. Find out how affordable this is for your organization today.