Security Response Publications

Symantec Security Response is a worldwide team of security engineers, threat analysts, and researchers who develop a variety of content on the latest threats that impact organizations and end users.
Security Response Whitepapers

Regin: Top-tier espionage tool enables stealthy surveillance

An advanced piece of malware, known as Regin, has been used in systematic spying campaigns against a range of international targets since at least 2008. A backdoor-type Trojan, Regin is a complex piece of malware whose structure displays a degree of technical competence rarely seen. Customizable with an extensive range of capabilities depending on the target, it provides its controllers with a powerful framework for mass surveillance and has been used in spying operations against government organizations, infrastructure operators, businesses, researchers, and private individuals.

Backdoor.Regin is a multi-staged threat, and each stage except the first is hidden and encrypted. Executing the first stage starts a domino chain of decryption and loading of each subsequent stage, for a total of five stages. Each individual stage provides little information on the complete package. Only by acquiring all five stages is it possible to analyze and understand the threat.

22 pages, 3.4 MB (PDF)
Symantec Security Response offers white papers on a range of issues relating to Internet security. These are provided in .pdf format for your convenience.

White Papers Archive 2010 - 1997