An advanced, malicious software application has been uncovered that has spied on private companies, governments, research institutes and individuals in 10 countries since 2008, antivirus software maker Symantec Corp said in a report on Sunday.

The California-based maker of Norton antivirus products said its research showed that a “nation state” was likely the developer of the malware, Regin, but Symantec did not identify any countries or victims. Symantec said Regin’s design “makes it highly suited for persistent, long-term surveillance operations against targets”. The program was apparently withdrawn in 2011, but resurfaced in 2013.

The malware uses several stealth features and “even when its presence is detected, it is very difficult to ascertain what it is doing”, according to Symantec. “Many components of Regin remain undiscovered, and additional functionality and versions may exist.”

Almost half of all the infections occurred at the addresses of internet service providers, the report said. The targets were the customers of companies rather than the companies themselves. About 28% of targets were in telecoms, while other victims were in the energy, airline, hospitality and research sectors.

Symantec described the malware as having five layers, each “hidden and encrypted, with the exception of the first stage”. It said: “Each individual stage provides little information on the complete package. Only by acquiring all five stages is it possible to analyse and understand the threat.“

Regin uses what is called a modular approach that allows it to load custom features tailored to targets, the same method applied in other malware, such as Flamer and Weevil (the Mask). Some of its features were similar to Duqu malware, uncovered in September 2011 and related to a computer worm called Stuxnet, discovered the previous year.

Cybersecurity is a sensitive topic for businesses in the United States, where there have been several breaches of major companies and customer information. The US government and private cyber-intelligence firms have said they suspect that state-backed hackers in China or Russia may be responsible.

Symantec said Russia and Saudi Arabia accounted for about half of the confirmed infections of the Regin malware. The other countries affected were Mexico, Ireland, India, Iran, Afghanistan, Belgium, Austria and Pakistan.

Quote from: E̲n̲ga̲ge̲d̲T̲u̲r̲k̲e̲y on November 29, 2014, 04:03:04 PM

Cyberwarfare is scary as hell. It's not inaccurate to say there's a very quiet cold war going on between many powerful countries over cyberwarfare capabilities.

All our governments are at war with each other in some way.

It'd just be too much to ask for all of us to work together and share this floating ball in space. Nah, that'd just be stupid.