Highly Advanced Backdoor Trojan Cased High-Profile Targets For Years
An anonymous reader points out this story at Ars about a new trojan on the scene. Researchers have unearthed highly advanced malware they believe was developed by a wealthy nation-state to spy on a wide range of international targets in diverse industries, including hospitality, energy, airline, and research. Backdoor Regin, as researchers at security firm Symantec are referring to the trojan, bears some resemblance to previously discovered state-sponsored malware, including the espionage trojans known as Flame and Duqu, as well as Stuxnet, the computer worm and trojan that was programmed to disrupt Iran's nuclear program. Regin likely required months or years to be completed and contains dozens of individual modules that allowed its operators to tailor the malware to individual targets.
Linux may not have been a monoculture back in the 1990s, but it's not the 1990s any longer!
All of the major distros are basically the same these days. The kernel is the same. The file system layout is the same. The package managers are either RPM or APT. Now that Debian and Ubuntu will switch or have switched, all of the major distros but Slackware (if it's even a "major" distro these days!) use or support systemd. They use pretty much the same userland software.
If Linux really wasn't a monoculture, then security incidents like the ones involving bash and OpenSSL earlier this year wouldn't have been as widespread as they were.
Not using systemd was the one thing that differentiated Debian and Ubuntu from Fedora, CentOS, RHEL, openSUSE, and the other distros. Now Debian and Ubuntu are basically clones of those other systems. The main difference now is whether you type "apt-get" or "yum" to install packages! That's no difference at all, really.
The BSDs are the only family of OSes where there's some diversity left. But even they are still very similar in many ways.
targeted attacks like this are OS agnostic,
Correct, provisionally - targeted attacks are OS agnostic - if designed to be OS agnostic.
In the case of Regin (did you even read the lead before shooting your idiot mouth?) it is not OS agnostic. It affects Windows only. So does Stuxnet.
His point was that Regin attacks Windows because the people that the authors of Regin were trying to attack run Windows.
If the targets of Regin ran Linux, then Regin would attack Linux. Instead of using one of the dozens of Windows zero-days out there, they'd use one of the dozens of Linux zero-days out there. No, I can't cite them - they wouldn't be zero-days if I could.
Here is a link to the analysis white paper about Regin published by Symantec. An interesting read and it does look very similar to Duqu in structure.
'The tyrant will always find pretext for his tyranny.' - Aesop's Fables