Computer spying malware uncovered with 'stealth' features: Symantec
Ron Czapala
https://www.yahoo.com/tech/s/computer-spying-malware-uncovered-stealth-features-symantec-170754075--finance.html
Excerpt
(Reuters) - An advanced malicious software application has been uncovered that since 2008 was used to spy on private companies, governments, research institutes and individuals in 10 countries, antivirus software maker Symantec Corp said in a report on Sunday.
The Mountain View, California-based maker of Norton antivirus products said its research showed that a "nation state" was likely the developer of the malware called Regin, or Backdoor.Regin, but Symantec did not identify any countries or victims.
Symantec described the malware as having five stages, each "hidden and encrypted, with the exception of the first stage." It said "each individual stage provides little information on the complete package. Only by acquiring all five stages is it possible to analyze and understand the threat."
EDIT: http://fortune.com/2014/11/23/regin-malware-surveillance/?xid=yahoo_fortune
Comments
Apparently neither. They're not pointing fingers too strongly at this point, but according to the Kaspersky whitepaper, there are a few mistakes internally that point to English-speaking coders.
They do make a point that deployment is not (so far) found in the US, and it appears to be targeted to specific individuals and groups. If either Russian or Chinese it should have at least some victims here. They don't show any victims of it in the US.
English tends to be a de facto coding language regardless of country of origin. After all, this all started with ASCII or EBCDIC with everyone learning C. I have never seen a program coded in Russian Cyrillic or Chinese characters... any examples?
It seems that anyone doing all those layers of cover would just use English to obscure origin as well.
Way back in the early 1980's one of my contracts involved working on code supplied by Nokia. Way before mobile phone days. There was tons of C and assembler source code with comments and variable names in Finnish and Swedish. Me, stupid English only speaking guy, had to figure out what it all meant.
Moving forward a couple decades to actually working for Nokia and other local companies I see that the local language features in the source code a lot.
But, thing is, mostly none of that makes it into the delivered executable where there are no comments or symbol names to be seen. Unless they accidentally left the debug info options on when compiling.
As for Cyrillic or Chinese characters, that rather depends on what you can get the compiler to accept as source. Old language compilers only thought about 8-bit characters. Perhaps good enough for European languages.
How about this in Greek JavaScript?:
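The Greek JavaScript the post refers to did not survive on the page, so here is an added example (not the poster's code) showing that JavaScript accepts Unicode letters in identifiers, together with a small helper that reports which scripts the identifiers in a source string use. The `identifierScripts` helper and the sample line it scans are my own constructions; they illustrate why the language of identifiers is weak evidence of a program's origin, as the thread discusses.

```javascript
// A small function written entirely with Greek identifiers and comments.
// Node and browsers accept these names because identifiers may use any
// Unicode letter, not just ASCII.
function άθροισμα(αριθμοί) {          // "sum" of a list of numbers
  let σύνολο = 0;                      // running total
  for (const αριθμός of αριθμοί) {
    σύνολο += αριθμός;
  }
  return σύνολο;
}

// Hypothetical analyst helper (assumption, not from the thread): count the
// identifier-like tokens in a source string by the Unicode script of their
// first letter. Returns an object such as { Latin: 2, Greek: 2 }.
// Keywords such as "let" are counted as Latin tokens too, since a plain
// tokenizer cannot tell them from user-chosen names.
function identifierScripts(source) {
  const counts = {};
  // An identifier-like token: a letter followed by letters, digits or "_".
  const tokens = source.match(/\p{L}[\p{L}\p{N}_]*/gu) || [];
  for (const tok of tokens) {
    const first = tok[0];
    let script = "Other";
    if (/\p{Script=Greek}/u.test(first)) script = "Greek";
    else if (/\p{Script=Latin}/u.test(first)) script = "Latin";
    else if (/\p{Script=Cyrillic}/u.test(first)) script = "Cyrillic";
    else if (/\p{Script=Han}/u.test(first)) script = "Han";
    counts[script] = (counts[script] || 0) + 1;
  }
  return counts;
}

// Constructed sample line mixing Greek and Latin identifiers.
const sampleLine = "let σύνολο = αριθμός + total;";
const report = identifierScripts(sampleLine);
```

Once such code is minified or compiled, the Greek names are renamed or dropped, so only string literals (if any) would still reveal the author's language.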
If you would actually read about the exploit, it has nothing to do with targeting Windows, but targeting specific individuals at specific organizations, using -- in this unique case -- Windows. That doesn't mean there aren't similar exploits developed for Mac OS X, Android, or anything else. They just haven't been identified yet, or not yet made public.
Of course, five minutes of your own research would have turned up all of this.
I read the article completely and even saw a duplicate copy today in Taiwan's English language paper, "The Taipei Times" which I reread.
Yes indeed, all the assertions and facts that are published insinuate that this is originating out of an English language Western power. You prefer to believe what you read, I prefer to question whatever is providing a compelling argument by considering the source.
The unstated message is that the USA is the likely source of this bit of mischief. That may be true or untrue, but the reader is certainly pointed toward that conclusion.
I just have to wonder what the real motive for insinuating such is... a public service, or to pump up paranoia to increase sales of AV software.
Personally, I went over to Linux so that I no longer had to listen to the paranoia barrage that comes out of Norton and others. The reality is I leave my computers off when I am not using them, the issues involved are on a nation to nation basis, and the USA, China, and Russia have all been doing pretty much what they darn well please... regardless of international agreements and memorandums of understanding.
One might as well accept that all the major nations that are permanent members on the UN Security Council are exploiting the internet as best they can. We also have a few other players that want to break into the spy big time; such as Israel, Iran, and so on.
I just presume that the NSA, the CIA, and others don't have time to fool with my drivel.
It could not be the USA, the CIA reportedly said they stopped after using Stuxnet on Iran.
Then question it with information actually at hand. Why mention the use of non-Roman alphabets if it's not part of the story? In all this research you did, where did you read that the program used anything other than Roman characters? That's what I was referring to. You have this habit of bringing up random points that no one else has suggested.
Your personal computing choices have absolutely nothing to do with this story. This isn't about you. You don't need to bring it up in every other thread you participate in.
Do not start personal attacks of any nature, or your posts will be moderated.
Do not bring up government agency involvements, secret plots, or introduce any other sort of fear-mongering speculation or this thread will be locked.
I do understand the desire not to have these forums derailed by political agendas and conspiracy theories.
But, at some point us happy geeks in our happy geek world of resistors, capacitors, transistors, microcontrollers and computers have to talk about where we are going with all this. We are all, in some small way, contributing and enabling the state of the world as it is. For good or bad.
If on every technical forum, such as this, these debates get locked out then we have no voice. Except to join some other non-technical forum where the political and conspiracy gibberish is the norm.
Where are geeks supposed to go to express their feelings?
Of primary interest to me is the fact that this software is out there, and the technical nature of it. There has got to be more out there too, and who produces it is also interesting, as well as how.
The more we know, the more informed our personal choices are, and that seems to be a worthy discussion too.
I harbor no illusions about the idea of this kind of thing not happening. It is just going to. No getting around that.
The politics of it all are painful. No question.
Getting educated about it isn't, and I would prefer and welcome and am seeking analysis that will help me to better understand so that I make better, informed choices.
Keep in mind that while this topic is interesting and important to you, it could be (or become) offensive to others. In an effort to keep our forums friendly to all we will moderate as necessary.
Ray
I don't see that as political, though, but maybe that's because I hold a fascination regarding the ingenuity involved in creating tools of espionage, glossing over what they're actually designed to do. I liken it to studying the history of warfare. There's nothing on the planet more ugly, yet it continues to be a topic of interest for many. I think it's because the more we know about it, the more likely we can avoid it in the future.
I especially apologize to George/Loopy for being snippy. (Especially as we might even be related -- though his side of the family got all the money!)
Commercial OSes do tend to push the user into buying more and becoming more dependent on the given OS. I grew weary of spending money without getting good results.