12/09/2014

#regin was responsible for the #Belgacomhack, says Fox-IT in this article

"This is why the recent disclosure of Regin is so disquieting. The first public announcement of Regin was from Symantec, on November 23. The company said that its researchers had been studying it for about a year, and announced its existence because they knew of another source that was going to announce it. That source was a news site, the Intercept, which described Regin and its U.S. connections the following day. Both Kaspersky and F-Secure soon published their own findings. Both stated that they had been tracking Regin for years. All three of the antivirus companies were able to find samples of it in their files since 2008 or 2009.


So why did these companies all keep Regin a secret for so long? And why did they leave us vulnerable for all this time? To get an answer, we have to disentangle two things. Near as we can tell, all the companies had added signatures for Regin to their detection database long before last month. The VirusTotal website has a signature for Regin as of 2011. Both Microsoft security and F-Secure started detecting and removing it that year as well. Symantec has protected its users against Regin since 2013, although it certainly added the VirusTotal signature in 2011.


Entirely separately and seemingly independently, all of these companies decided not to publicly discuss Regin’s existence until after Symantec and the Intercept did so. Reasons given vary. Mikko Hypponen of F-Secure said that specific customers asked him not to discuss the malware that had been found on their networks. Fox IT, which was hired to remove Regin from the Belgian phone company Belgacom’s website, didn’t say anything about what it discovered because it “didn’t want to interfere with NSA/GCHQ operations.”


My guess is that none of the companies wanted to go public with an incomplete picture. Unlike criminal malware, government-grade malware can be hard to figure out. It’s much more elusive and complicated. It is constantly updated. Regin is made up of multiple modules—Fox IT called it “a full framework of a lot of species of malware”—making it even harder to figure out what’s going on. Regin has also been used sparingly, against only a select few targets, making it hard to get samples. When you make a press splash by identifying a piece of malware, you want to have the whole story. Apparently, no one felt they had that with Regin."

http://www.technologyreview.com/view/533136/antivirus-com...

we have information that there are newer versions of Regin and that there would also be a Regin version for Linux and Unix machines - but as you should have understood from the article above, our sources are not allowed to talk or to give us such versions

but Fox-IT also said so because it describes Regin as something made up of modules, a platform of which nobody has all the different parts

this is why a Regin working group would have to be formed between the biggest security companies

the sensationalistic stories from the AV companies that have come out with some information pose more questions than they give answers, and should make us feel safe because they have discovered some files, some destinations or some functions of the virus

at the same time, some antivirus products seem to have become much stricter about the processes of normal software, and in a complex network with an enormous inventory of old and diverse software they are causing big problems, because they have started to block processes and files that they didn't even look at before

this means that whitelist and program-management functionality is a necessary part of any security package that you would install nowadays in your business-critical environment
