Regin detection

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements
Please sign in to see details of an important advisory in our Customer Advisories area.

Regin detection

L3 Networker

Hi All,

I understand that this bit of spyware is not well understood as to it's ultimate purpose, very hard to detect and in fact, with the media converge it has had recently I am sure whoever coded this nasty has since changed it's code/behavior.

But my question is, does or is PA able to detect any such traffic from this malicious code given that it has taken the "Security experts" years to come back with their prognosis on the code in the first place. Or is this one of those things that we just have to pray to the IT deities that we never fall under the gaze of someone who is wielding such a powerful bit of spyware?

8 REPLIES 8

L0 Member

Hi,

You can find more information here Regin Malware (regin.backdoor)

i would be interested in this as well...

No access to the link you provided though......even though i am logged in..

regards

Paul

Thanks for the link. Although I am getting "Access to this place or content is restricted"

Could you provide a working link please?

Thanks,

James

I am unable to get to the link also

L3 Networker

Anyone have any further information on this? It seems a few people would be interested in knowing.

L4 Transporter

I'm sorry to say, after doing a little research it looks like you are out of luck for now.  Researchers have yet to say how victims get infected but that the malware disguises itself as legitimate Microsoft Software. I suggest you make sure your environment is as clean as possible to cover any other exploit that may have been used to deliver it.  IE. updated OS/software, updated sigs, etc.


Edit:

Here is Symantec's whitepaper on the malware, they were the ones to discover it:

http://www.symantec.com/content/en/us/enterprise/media/security_response/whitepapers/regin-analysis....

They have been unable to reproduce infection but through investigation and logs they say it can be delivered through spoofed websites and such.

Thanks for coming back DZ

We use WSUS to deliver any MS updates/installs that we do. So hopefully it will help protect us to a degree.

It is just strange that there is not a lot of noise being kicked up about this by AV companies.

No problem!  The discovery of it is still less that a week old and given that it appears to be a well funded nation-state created malware it may take some time to fully investigate before they can release anything on a signature level to block it.

  • 3882 Views
  • 8 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!