11/26/2014

#regin the samples are coming online but pay attention

This is one of the places where samples are being uploaded (I know several people (not me) have a sample of the BGC infection)

http://malwaretips.com/threads/regin-malware-34-samples.38054/

https://malwr.com/analysis/OTlmYTk1MzA2NjE5NDIxYTgzMWQxOWNhODFmNmRmNDQ/

Just to be sure that you understand what you are up to if you download this:

* there is no clear definition of what a Regin package is; there are several different packages with different plugins and different timestamps, so many antiviruses don't see it

  this means that if you download it, your security defenses may not discover it or some of the new or additional code and functions. You should therefore only place it in a sandbox and handle it on a non-connected computer (don't use USB; use a CD-ROM and throw it away or place it somewhere else (absolutely not safe))

* it is not because it is called Regin that it is Regin 

* some of the samples have personal information about their victims and their employees in the logfiles (if you are a legal expert you will have to destroy these files or inform the local police that you seem to have proof of an infection). 

* As the discovery for the latest samples is quite low, antivirus firms will have to go hunting for real and imaginary Regin samples 

* if you don't have the knowledge and tools to handle this atom bomb of code, stay far away - you will have seen nothing like this

In my view it is urgent for the big antivirus-security firms to set up a working group to collect all the different samples and information to get a whole picture and to be sure that all companies and networks have sufficient protections independent of their antivirus-security tool.
