“An advanced spying tool, Regin displays a degree of technical competence rarely seen and has been used in spying operations against governments, infrastructure operators, businesses, researchers, and private individuals.” - Symantec
The newest piece of super-sophisticated spyware, rivaling Stuxnet, has been discovered lurking on computers in many sectors (Symantec’s pic 1) and in many places (Symantec’s pic 2).
This happened between 2008 and 2011, and the vector (how the computers became infected) is unclear. Telecoms were targeted, so telephone conversations were probably intercepted.
There are apparently dozens of Regin payloads as well, with highly specialized targets for information collection. Like Stuxnet, it uses modules.
“The threat’s standard capabilities include several Remote Access Trojan (RAT) features, such as capturing screenshots, taking control of the mouse’s point-and-click functions, stealing passwords, monitoring network traffic, and recovering deleted files.
More specific and advanced payload modules were also discovered, such as a Microsoft IIS web server traffic monitor and a traffic sniffer of the administration of mobile telephone base station controllers.” – ibid
How it’s structured:
It also maintained a very low profile…to stay around and suck up goodies for years.
So, there’s no tool yet to see whether you’re compromised, and Symantec believes that many undiscovered components remain…so this thing is just getting started.
More power to Norton for finding this.
Source:
http://www.symantec.com/connect/blogs/regin-top-tier-espionage-tool-enables-stealthy-surveillance