A new type of malware has been discovered that is said to be as dangerous as Heartbleed and Shellshock, both Internet vulnerabilities that existed on the Web for years. The new backdoor Trojan, called Regin, joins the ranks of lethal malware types.
Regin is known as a backdoor Trojan, which means that hackers can use Regin to gain access to an infected computer and send the device certain commands. Antivirus and security software company Symantec started to notice Regin again in 2013, when the malware resurfaced after its earlier appearances in 2008 and 2011.
Regin first surfaced in 2008 when it was being used against businesses and governments. Symantec says that the new malware is a “top-tier espionage tool” and that “its capabilities and the level of resources behind Regin indicate that it is one of the main cyberespionage tools used by a nation state.” Regin has been used in a number of data collection and intelligence gathering campaigns. “Regin is the cyber equivalent of a specialist covert reconnaissance team. The analysis shows it to be highly adaptable, changing its method of attack depending on the target,” said Malwarebytes Special Projects Director Pedro Bustamante.
Regin’s creator(s) have yet to be determined, but Symantec says that the creator has covered his tracks and the development of the malware while continuing the campaign against numerous entities. Currently, a number of countries have the lethal malware within their borders, such as Afghanistan, Austria, Belgium, India, Iran, Ireland, Mexico, Pakistan, Russia, and Saudi Arabia. Symantec says that Russia currently has 28% of all Regin infections, followed by Saudi Arabia as a close second.
Heartbleed is an OpenSSL vulnerability that was introduced into OpenSSL by a German programmer who did not realize his mistake until years later. It allows hackers to steal all of your personal information and passwords because the data encryption protection is compromised. The Heartbleed bug, an OpenSSL vulnerability, was made public earlier this spring. Google became aware of the situation some weeks before disclosing the bug to the public, and rumors state that the NSA has known for months but decided to maintain secrecy in order to utilize the loophole for the agency’s own purposes down the road.
Shellshock is another vulnerability, one that compromises command execution. Linux (Windows is not at risk) is the most at-risk operating system, since Linux systems contain “Bash,” a command interpreter that tells your computer to “do” certain commands.
Where does Regin fit in with Heartbleed and Shellshock? Regin is even more lethal than these vulnerabilities. First, Regin is designed to be a “covert” malware operation online, and it is also capable of “covering its tracks” after it gathers whatever data it needs. While Heartbleed leaves the Web open to all sorts of data leaks, and Shellshock stops commands from working as normal, Regin allows hackers to remotely control your device and gather information while keeping their location anonymous and undisclosed.