Regin Malware

 
bolchevique
Banned user

Registered: 31 Mar 2008
Posts: 1721
Location: Caracas

Posted: Tue Dec 02, 2014 9:04 am    Subject: Regin Malware



Systems Affected

Microsoft Windows NT, 2000, XP, Vista, and 7


Overview

On November 24, 2014, Symantec released a report on Regin, a sophisticated backdoor Trojan used to conduct intelligence-gathering campaigns. At this time, the Regin campaign has not been identified targeting any organizations within the United States.


Description

Regin is a multi-staged, modular threat—meaning it has a number of components, each dependent on others to perform an attack. Each of the five stages is hidden and encrypted, with the exception of the first stage. The modular design poses difficulties to analysis, as all components must be available in order to fully understand the Trojan.


Impact

Regin is a remote access Trojan (RAT), able to take control of input devices, capture credentials, monitor network traffic, and gather information on processes and memory utilization. The complex design provides flexibility to actors, as they can load custom features tailored to individual targets. [1]


Solution

Users and administrators are recommended to take the following preventive measures to protect their computer networks:

Use and maintain anti-virus software – Anti-virus software recognizes and protects your computer against most known viruses. It is important to keep your anti-virus software up-to-date (see Understanding Anti-Virus Software for more information). [ https://www.us-cert.gov/ncas/tips/ST04-005 ]
Keep your operating system and application software up-to-date – Install software patches so that attackers can't take advantage of known problems or vulnerabilities. Many operating systems offer automatic updates. If this option is available, you should enable it (see Understanding Patches for more information).
_________________
"... You know what to do. Simply take power across all of Venezuela, absolutely everything, sweep the bourgeoisie out of every political and economic space and deepen the revolution!"
bolchevique
Banned user

Registered: 31 Mar 2008
Posts: 1721
Location: Caracas

Posted: Tue Dec 02, 2014 9:10 am    Subject:

Regin Malware: Its Targets and How You Can Detect It

On the 24th of November 2014, a major anti-malware vendor released a report concerning a long-running piece of backdoor Trojan malware, now called "Regin." We at Tenable Network Security were aware of this report on the Sunday before the release, and looked forward to reading the technical analysis. The report went into great detail and we were able to leverage it to discuss multiple indicators of compromise (posted in our Discussion Forums) which will help you see if your systems are compromised. We have also created a new dashboard for our SecurityCenter Continuous View™ customers to detect and monitor for Regin indicators.

Attack targets

Fortunately, most people reading this blog will not have to check for infection. This piece of malware, while highly advanced, is not widespread. In all probability, Regin is a state-sponsored piece of "espionageware," a class of malware that is being sponsored by states to spy on other states, not to drain your personal bank book, to harvest bitcoins, or in any other way adversely impact individual computer and Internet users. While some of its functions (such as acting as a proxy for other Regin-infected hosts) may impact machines that they are hosted on as an unintended consequence, Regin is not targeted at the end user.

But according to the reports, infection is distributed across unexpected sectors. While Regin isn’t designed to perform malicious actions against individual users, those users and small businesses make up the bulk (48%) of the infected parties. Telecom backbones are the second largest sector, making up 28% of the infected systems.

Some people have compared Regin to Stuxnet for its complexity. Regin does display a high level of sophistication and multiple layers of activities, combined with encryption both in the files and the communications channels. What we can say for certain is that writing this malware took time and energy not normally associated with malware authorship. While there are indications that Regin has been active for the last six years, it’s worth noting that it wasn’t discovered until an update was made in 2013.
bolchevique
Banned user

Registered: 31 Mar 2008
Posts: 1721
Location: Caracas

Posted: Wed Dec 03, 2014 7:52 am    Subject:

Further evidence of mistrust between "traditional allies"

    “Complex malware known as Regin is the suspected technology behind sophisticated cyberattacks conducted by U.S. and British intelligence agencies on the European Union and a Belgian telecommunications company, according to security industry sources and technical analysis conducted by The Intercept.”


    “Regin was found on infected internal computer systems and email servers at Belgacom, a partly state-owned Belgian phone and internet provider, following reports last year that the company was targeted in a top-secret surveillance operation carried out by British spy agency Government Communications Headquarters, industry sources told The Intercept.”


    “The malware, which steals data from infected systems and disguises itself as legitimate Microsoft software, has also been identified on the same European Union computer systems that were targeted for surveillance by the National Security Agency.”


    “The hacking operations against Belgacom and the European Union were first revealed last year through documents leaked by NSA whistleblower Edward Snowden. The specific malware used in the attacks has never been disclosed, however.”


    “Ronald Prins, a security expert whose company Fox IT was hired to remove the malware from Belgacom’s networks, told The Intercept that it was 'the most sophisticated malware' he had ever studied.”


    “In a hacking mission codenamed Operation Socialist, GCHQ gained access to Belgacom’s internal systems in 2010 by targeting engineers at the company. The agency secretly installed so-called malware 'implants' on the employees’ computers by sending their internet connection to a fake LinkedIn page. The malicious LinkedIn page launched a malware attack, infecting the employees’ computers and giving the spies total control of their systems, allowing GCHQ to get deep inside Belgacom’s networks to steal data.”


    “The implants allowed GCHQ to conduct surveillance of internal Belgacom company communications and gave British spies the ability to gather data from the company’s network and customers, which include the European Commission, the European Parliament, and the European Council.”


    “Based on an analysis of the malware samples, Regin appears to have been developed over the course of more than a decade; The Intercept has identified traces of its components dating back as far as 2003. Regin was mentioned at a recent Hack.lu conference in Luxembourg, and Symantec’s report on Sunday said the firm had identified Regin on infected systems operated by private companies, government entities, and research institutes in countries such as Russia, Saudi Arabia, Mexico, Ireland, Belgium, and Iran.”


    “Der Spiegel reported that, according to Snowden documents, the computer networks of the European Union were infiltrated by the NSA in the months before the first discovery of Regin.”
