Wednesday, 28 January 2015

Kaspersky: NSA Involved Regin Malware


The US National Security Agency is involved in or responsible for the advanced Regin malware, according to the Russian anti-virus firm Kaspersky Lab. The anti-virus company bases this conclusion on an analysis of the malware's code and on files leaked by whistleblower Edward Snowden.

The German newspaper Der Spiegel published the documents (pdf) and files on 17 January this year. Among the leaked files was a keylogger codenamed QWERTY that was reportedly developed by the NSA. Researchers analyzed this keylogger and discovered that its code is identical to a plug-in of the Regin malware. The researchers noted that the QWERTY keylogger cannot be used as a stand-alone module but depends on functionality provided by a Regin module.

"Given the extreme complexity of the Regin platform and the small chance that it can be imitated by someone who has no access to the source code, we conclude that the developers of the QWERTY malware and the Regin developers are the same or collaborate," says research director Costin Raiu. The Dutch security firm Fox-IT had previously suggested that the malware was created by the NSA or the British secret service GCHQ.

According to Symantec, Regin has been in use since 2008, while Kaspersky Lab even came across a compilation date of 1999. Belgacom and an employee of German Chancellor Angela Merkel are among those said to have been attacked by the malware. The espionage malware uses a variety of techniques to avoid detection; for instance, it is still unknown how Regin infects computers. "Regin stands alone. It is certainly more complex than Stuxnet and Flame when it comes to the design of the platform, functionality and flexibility," Raiu said earlier.

QWERTY 20123.sys:
0ed11a73694999bc45d18b4189f41ac2

Regin 50251 plugins:
c0de81512a08bdf2ec18cb93b43bdc2d
e9a43ea2882ac63b7bc036d954c79aa1
