G DATA publishes tool against spyware Regin

Regin attacks companies, organisations, researchers and authorities

12/01/2014 | Bochum (Germany) 

The security experts of German IT security provider G DATA immediately analysed the highly sophisticated Regin spyware and found that it has been in active use since at least March 2009. G DATA is now the first IT security provider worldwide to make available a script that can identify files created by the malware, irrespective of the security solution used. According to the analysis team, Regin is just as dangerous as previously discovered spyware such as Uroburos, Stuxnet or Duqu. G DATA security solutions detect and block Regin.

Possible state-sponsored spyware

"Regin is a complex and highly sophisticated spyware that enables attackers to gain full control and monitor everything in a network," explains Eddy Willems, G DATA Security Evangelist. "We think this malware was originally created by a secret service because implementing such malware requires immense amounts of time and money."

G DATA script detects the spyware

The G DATA SecurityLabs responded immediately and developed a script that identifies files created and used by Regin on infected systems, independently of the security solution in use. The script detects virtual file systems created by Regin and raises the alarm. Python version 2 is required to execute the script: www.python.org
The script is designed specifically for IT managers and experts.

What is Regin?

The Regin spyware is designed to steal highly sensitive and secret information from high-potential networks such as state institutions, intelligence services or large companies, and to monitor the attack targets. At present, we are aware of attacks on targets in 18 countries, including Germany, Russia, Syria and India.

For detailed information on Regin and the link to the script, see the G DATA Security Blog.

Daniëlle van Leeuwen