Why did it take antivirus giants YEARS to drill into super-scary Regin? Symantec responds... • The Register

Vikram Thakur, senior manager at Symantec's security response team, told The Register on Tuesday that the reason his firm took so long to disclose the malware is down to a couple of factors.
Firstly, the Windows-targeting malware is so complex, Symantec wasn't sure exactly what it was dealing with, since the authors have been very good at concealing it and changing it. Secondly, it was just one of thousands of samples of malicious code the company discovers and processes every month.
"Even today, I'm very certain we don't have every possible angle of Regin uncovered and I think there are a number of components that we don’t know about yet," he said.
Symantec started studying Regin late last year after it detected a few cases of infections. The total number of compromised PCs is barely a hundred, we're told, so there was a small sample of builds to study. When checking back through its logs of scanned files, the firm found some Regin tools had been in operation since 2008.
It's likely other security firms stumbled across similarly puzzling infections, Thakur said. Kaspersky claims it found cases of Regin a decade ago and has been actively tracking it for three years, and F-Secure says it saw builds five or six years ago. It's assumed the pair decided to publish their in-depth research in response to Symantec going public.
...
Closing words
"The possibilities for Regin are now twofold," Thakur concluded. "The first is that now people are aware of Regin it might make the authors abandon the code completely. Alternatively they could revamp the malware to the point where it's undetectable."