This article is from the source 'bbc' and was first published or seen on . It last changed over 40 days ago and won't be checked again for changes.

You can find the current article at its original source at http://www.bbc.co.uk/news/technology-30145265

The article has changed 3 times.

| Version 0 | Version 1 |
| --- | --- |
| 'Sophisticated' Regin spyware spotted | 'Sophisticated' Regin spyware spotted |
| | (35 minutes later) |
| An "extremely complex" and "stealthy" spying program has been stealing data from ISPs, energy companies, airlines and research-and-development labs, a security company has said. | An "extremely complex" and "stealthy" spying program has been stealing data from ISPs, energy companies, airlines and research-and-development labs, a security company has said. |
| With a "degree of technical competence rarely seen", Regin had probably taken years to develop, Symantec said. | With a "degree of technical competence rarely seen", Regin had probably taken years to develop, Symantec said. |
| And a nation state may have written it to serve its spying agencies' needs. | And a nation state may have written it to serve its spying agencies' needs. |
| The program had been used in "systematic spying campaigns" over the past six years, Symantec said. | The program had been used in "systematic spying campaigns" over the past six years, Symantec said. |
| Regin slowly infiltrated its targets, taking care at each stage to hide its tracks, the company said. | Regin slowly infiltrated its targets, taking care at each stage to hide its tracks, the company said. |
| "Many components of Regin remain undiscovered and additional functionality and versions may exist," it added. | "Many components of Regin remain undiscovered and additional functionality and versions may exist," it added. |
| "Its design makes it highly suited for persistent, long-term surveillance operations against targets." | "Its design makes it highly suited for persistent, long-term surveillance operations against targets." |
| Victims had been infected using spoofed versions of well-known websites, it said in a detailed analysis. | Jason Steer, director of technology strategy at security firm FireEye, said: "These types of toolkits have existed for a few years now." |
| In a blogpost, security company F-Secure said it had first encountered Regin in 2009 after investigating what was making a server on the network of one of its customers crash repeatedly. | He added: "It's a challenge to the whole security industry as to how they find these malicious and sophisticated pieces of code," |
| Security firms were better at spotting such things even though Regin and its ilk were built to fool modern-day tools that look for malicious programs and monitor activity to spot anything suspicious. | The techniques Regin used to sneak on to a network and communicate with its creators were very complicated, he said. |
| | "It's clearly been written by someone that has much more than making money in mind," he said. |
| | Mr Steer said the tip-offs about Regin and similarly sophisticated threats often came from government agencies who kept an eye on the cyber spying capabilities of both friendly and hostile nations. |
| | Recovering files |
| | Victims had been infected via spoofed versions of well-known websites and by exploiting known vulnerabilities in web browser software, said Symantec in a detailed analysis. |
| | In a blogpost, security company F-Secure said it had first encountered Regin in 2009 after investigating what was making a server on the network of one of its customers crash repeatedly. Closer investigation revealed the culprit to be Regin which was attempting to insert itself into the heart of the software controlling the server. |
| Chief research officer Mikko Hypponen said: "Finding malware of this calibre is very rare. | Chief research officer Mikko Hypponen said: "Finding malware of this calibre is very rare. |
| "We're still missing big parts of the puzzle." | "We're still missing big parts of the puzzle." |
| "Nevertheless, it's obvious this is a very complicated malware written by a well-equipped nation-state." He added that the malware did not look like it originated in China or Russia - the usual places such programs are believed to originate from. | "Nevertheless, it's obvious this is a very complicated malware written by a well-equipped nation-state." He added that the malware did not look like it originated in China or Russia - the places suspected of creating many other stealthy, spying programs. |
| Symantec said it had captured the first copies of Regin in a small number of organisations between 2008 and 2011. | Symantec said it had captured the first copies of Regin in a small number of organisations between 2008 and 2011. |
| Soon after, the malware had appeared to have been withdrawn, but a new version found in 2013 was now being actively used. | Soon after, the malware had appeared to have been withdrawn, but a new version found in 2013 was now being actively used. |
| Only about 100 victims of Regin have been identified. | Only about 100 Regin infections have so far been identified. |
| It is believed to provide the ability to: | It is believed to provide the ability to: |
| "These types of toolkits have existed for a few years now," said Jason Steer, director of technology strategy at security firm FireEye. "We're getting smarter at figuring out what they do and how they work." | Symantec said that Regin had a lot in common with other malicious programs such as Flame, Duqu and Stuxnet, also thought to be written by nation states to aid their spying efforts. |