Highly Advanced Backdoor Trojan Cased High-Profile Targets For Years

← Back to Stories (view on slashdot.org)

Highly Advanced Backdoor Trojan Cased High-Profile Targets For Years

Posted by samzenpus on Sunday November 23, 2014 @09:15AM from the protect-ya-neck dept.

An anonymous reader points out this story at Ars about a new trojan on the scene. Researchers have unearthed highly advanced malware they believe was developed by a wealthy nation-state to spy on a wide range of international targets in diverse industries, including hospitality, energy, airline, and research. Backdoor Regin, as researchers at security firm Symantec are referring to the trojan, bears some resemblance to previously discovered state-sponsored malware, including the espionage trojans known as Flame and Duqu, as well as Stuxnet, the computer worm and trojan that was programmed to disrupt Iran's nuclear program. Regin likely required months or years to be completed and contains dozens of individual modules that allowed its operators to tailor the malware to individual targets.

82 of 143 comments (clear)

Min score:

Reason:

Sort:

Microsoft Windows only by innocent_white_lamb · 2014-11-23 09:28 · Score: 2, Insightful

This apparently only runs on Windows.
I really don't understand why people run sensitive and critical stuff on Microsoft Windows. (I'm not trying to be a troll.) It's the world's biggest target for malware, it's a monoculture, and it has a security model that tends toward convenience over security, and was actually bolted on after-the-fact.
Unix (Linux) is about as far from a monoculture as you can get while still remaining reasonably compatible between distributions, and it was built with security in mind.

--
If you're a zombie and you know it, bite your friend!
1. Re:Microsoft Windows only by Anonymous Coward · 2014-11-23 09:36 · Score: 2, Insightful
  
  targeted attacks like this are OS agnostic, if the organisations they wanted to hack were running Linux or OSX then these would have been designed for that target instead.
2. Re:Microsoft Windows only by 93+Escort+Wagon · 2014-11-23 09:47 · Score: 1
  
  I really don't understand why people run sensitive and critical stuff on Microsoft Windows.
  Because doing so saves them both time and money - and those two factors trump everything else in their decision-making tree.
  
  --
  #DeleteChrome
3. Re:Microsoft Windows only by Anonymous Coward · 2014-11-23 09:49 · Score: 1
  
  Not having monoculture is only security thru obscurity. Basically instead of putting the key in the lock and turning clockwise to unlock it is turn it counter clockwise. It does not take long to figure it out...
  In a targeted attack it is even worse.
4. Re:Microsoft Windows only by 93+Escort+Wagon · 2014-11-23 10:01 · Score: 1
  
  No, because the same would be true if they developed on top of stock OS X or Red Hat Linux.
  Using someone else's platform as your base saves development time and money. It doesn't mean it's a smart move, but time and cost considerations seem to be all anyone cares about these days.
  
  --
  #DeleteChrome
5. Re:Microsoft Windows only by exomondo · 2014-11-23 10:02 · Score: 2, Insightful
  
  This apparently only runs on Windows.
  A targeted attack is going to run on whatever the target uses.
6. Re:Microsoft Windows only by sphealey · 2014-11-23 10:18 · Score: 1
  
  There's now an entire generation of IS/IT managers, directors, and CIOs who not only prefer Microsoft technology but have an active dislike of anything related to Unix(tm) - including but not limited to Linux(tm). And along with dislike comes distrust and contempt. They firmly believe that Microsoft provides superior technology, tools, and usability, and that to choose other technology is not only to make a mistake but to expose themselves to professional risk.
  You can disagree with them if you prefer (I tend to, myself). But people holding this set of technical preferences now makes up a substantial fraction - possibly a substantial majority - of technical decisionmakers in the US at least.
  sPh
7. Re:Microsoft Windows only by alen · 2014-11-23 10:27 · Score: 1
  
  microsoft is one price and you get a server and tools and all the features
  a lot of other products they nickel and dime you for features, the tools to manage them, etc
8. Re:Microsoft Windows only by Threni · 2014-11-23 10:28 · Score: 1
  
  You've massively missed his point. Windows has long been a joke. Pop a CD in and it just runs an exe. Pop a USB key in and it just runs an exe. Other OSes are a little more discerning.
9. Re:Microsoft Windows only by mspohr · 2014-11-23 10:37 · Score: 1
  
  Linux is one price (free) and you get a server and tools and all the features.... bonus, you are not a target for malware!
  
  --
  I don't read your sig. Why are you reading mine?
10. Re:Microsoft Windows only by sumdumass · 2014-11-23 10:38 · Score: 2
  
  You are correct, poorly trained admins will net poorly secured systems with the same or similar horrible mistakes.
  However, you are glossing over what was actually said in order to make those statements as if it was some overriding truth. The problem is that windows exposes to much of the underlying systems to programs running so exploits in power point or outlook can infect the entire machine kernel and spread to the servers via internal network support infrastructure (domain controller functions). Now much has been done in more recent versions to limit this but it still remains true for the most part.
  Part of this is because programmers write bad code to sell cheap software to people who are familiar with the ease of use of windows. In fact, this is likely why it is the most common OS out there- because it is so easy to write software and do things in that people see it as just working. Its that layer of ease which makes it easy to be exploited. Almost every anti-virus company out there worth a salt, will have complex (and sometimes simple) methods of virus removal you can look up and follow for when a virus gets past their products. It is simply impossible to completely secure windows or linux and still have a usable machine but it is easier to limit vulnerabilities on a linux or Mac system currently. This could change if they get more popular or do something stupid in the future or if malware writers decide to focus more and more on these smaller platforms. This is also why Adobe and Java was such a target for the longest of times. Cross platform and complete access.
11. Re:Microsoft Windows only by HiThere · 2014-11-23 10:43 · Score: 2
  
  Despite the "only security through obscurity" meme, you need to understand it, not just say it.
  There are only two types of security:
  1) security through obscurity,
  and,
  2) security through inaccessibility.
  They can, however, be intelligently combined.
  Please note that private key encryption is security through obscurity. Cutting the phone line is security through inaccessibility. Saying that "it's secure because they can't get the prime factors of that key" is security through obscurity.
  Despite the meme, security through obscurity is widely and properly used. What's wrong if false obscurity, which is common. If you don't properly assess just how obscure your secret is, then you have a security failure.
  So having a monoculture is reduced security, because that means that there are a much larger number of entities seeking to discover the secret...and any breach in security cannot be easily contained. If you don't have a monoculture, then a single breach cannot be as widely damaging, and is thus also less valuable to find. This is a sort of network effect.
  OTOH, a diverse community means that more effort needs to be devoted to security, because each branch is a separate thing to be maintained. So it's not all benefit or all loss, it's a mixture.
  FWIW, I choose not to have flash installed on my system, despite the fact that it would have some utility, because I consider that the weakness that it presents is not worth the benefit. The ability of refuse to have such a service installed allows increased security...at a cost. For some people the cost is higher than they are willing to pay. This reduction of the attack surface is a form of security through obscurity mixed with security through inaccessibility, i.e., I have become inaccessible to some forms of attact, and I have reduced my visibility to many attackers.
  
  --
  
  I think we've pushed this "anyone can grow up to be president" thing too far.
12. Re:Microsoft Windows only by Anonymous Coward · 2014-11-23 10:52 · Score: 1
  
  Autoruns has been disabled on Windows for years. Try flaming with something accurate. https://support.microsoft.com/kb/967715
13. Re:Microsoft Windows only by savuporo · 2014-11-23 11:35 · Score: 1
  
  >>Unix (Linux) is about as far from a monoculture as you can get
  What, like Android that has linux underneath ?
  
  --
  http://validator.w3.org/check?uri=http%3A%2F%2Fwww.slashdot.org Errors found while checking this document as HTML5!
14. Re:Microsoft Windows only by Demonoid-Penguin · 2014-11-23 11:44 · Score: 1
  
  targeted attacks like this are OS agnostic,
  Correct, provisionally - targeted attacks are OS agnostic - if designed to be OS agnostic.
  In the case of Regin (did you even read the lead before shooting your idiot mouth?) it is not OS agnostic. It affects Windows only. So does Stuxnet
  Disclaimer - I have no problem with Steve Balmer throwing chairs - as long as they're heavy, and hit idiots like you. Thanks for lowering the standard.
15. Re:Microsoft Windows only by Charliemopps · 2014-11-23 11:54 · Score: 1
  
  This apparently only runs on Windows.
  I really don't understand why people run sensitive and critical stuff on Microsoft Windows. (I'm not trying to be a troll.) It's the world's biggest target for malware, it's a monoculture, and it has a security model that tends toward convenience over security, and was actually bolted on after-the-fact.
  Unix (Linux) is about as far from a monoculture as you can get while still remaining reasonably compatible between distributions, and it was built with security in mind.
  It runs on the system the target had. How many world leaders are running linux? If it were a significant portion you can rest assured we'd start seeing these for linux as well. The fact of the matter is, if your opponent is the NSA, your OS is rather irrelevant.
16. Re:Microsoft Windows only by Rich0 · 2014-11-23 12:37 · Score: 2, Informative
  
  targeted attacks like this are OS agnostic,
  Correct, provisionally - targeted attacks are OS agnostic - if designed to be OS agnostic.
  In the case of Regin (did you even read the lead before shooting your idiot mouth?) it is not OS agnostic. It affects Windows only. So does Stuxnet
  His point was that Regin attacks Windows because the people that the authors of Regin were trying to attack run Windows.
  If the targets of Regin ran Linux, then Regin would attack Linux. Instead of using one of the dozens of Windows zero-days out there, they'd use one of the dozens of Linux zero-days out there. No, I can't cite them - they wouldn't be zero-days if I could.
17. Re:Microsoft Windows only by Kjella · 2014-11-23 13:42 · Score: 1
  
  Unix (Linux) is about as far from a monoculture as you can get while still remaining reasonably compatible between distributions, and it was built with security in mind.
  It was designed from scratch to be a multi-user system, which is neat and took Microsoft at least until UAC in 2006 to really implement. On the other hand Microsoft is the one who had a fleet of PCs that needed managing and created AD, which is the bread and butter of most corporate networks. That you can ssh in and run scripts isn't even close, I know there are third party tools to mimic some of it but there it's Microsoft that has the native advantage. And you can lock it way more down than the defaults.
  In the end, even when you work with sensitive or critical information it's about getting the job done. And here's the real deal with how it works most place. Say 100 admins choose Windows, 99 do fine and one is hit by lightning. And 100 admins choose Linux, 99 get the evil eye and one is a hero for dodging lightning. Who wins? Usually the Windows admins where shit didn't hit the fan, because the happy Windows users outnumber the miserable Linux users. Those who got pwned aren't enough to swing the overall mood.
  
  --
  Live today, because you never know what tomorrow brings
18. Re:Microsoft Windows only by bouldin · 2014-11-23 13:49 · Score: 3, Interesting
  
  Maybe you missed all the critical remote code execution vulns Microsoft announced just this month.
  https://technet.microsoft.com/en-us/library/security/ms14-nov.aspx
  Four of the bulletins above are listed as critical remote execution. Two of them (schannel and OLE vulns) are very bad. The IE bulletin says it resolves 17 privately identified bugs.
  As the previous poster said, Microsoft has placed convenience over security for many years now. They have improved dev processes a lot, but as you can see, many security folks still view MS as a liability.
  Not to stray too far from the point, but I hope Linux distros arent repeating Microsoft's mistakes with feature-laden packages like systemd and its ilk. Tons of new features in an inchoate software package with no security audits? That is how Microsoft got its reputation for insecurity.
19. Re:Microsoft Windows only by Crazy+Taco · 2014-11-23 13:57 · Score: 1
  There's now an entire generation of IS/IT managers, directors, and CIOs who not only prefer Microsoft technology but have an active dislike of anything related to Unix(tm)
  I don't know how much the "actively dislike Unix" part is true, but yes, there are a lot of IT people that prefer Windows. And there are very good reasons for that. Microsoft makes some exceptionally good products in a number of areas. Here are some examples:
  
  Visual Studio, probably the best IDE known to exist. I've used it and competitors like Eclipse, and it is MUCH BETTER than Eclipse. This alone makes a lot of devs prefer Microsoft. And as of the announcement last week, is now going Open Source.
  .Net and ASP .Net, which are better than PHP (which is like classic ASP) and WAY better than Java, which needs a security patch daily and performs like a turtle. And as of the announcement last week, .Net and ASP .Net are going fully open source and multi-platform.
  Powershell, which for management is really, really good. It's gotten to the point now where it is better than competitors like Bash. Objects in the pipeline, rather than just text, is just so much better than any other shell.
  SQL Server, which is finally reaching performance/feature parity with Oracle, but has better management tools and is generally preferred by a lot of devs.
  IIS, which in it's latest incarnation has better performance than Apache, is easier to manage and is easier to get security isolation of websites out of (I do web hosting for a living, and I can easily stack 350 sites onto IIS and have them all be completely isolated in different processes with different security accounts as well, and it's REALLY easy.
  Windows Server, which admittedly is a tossup but depending on what you want may cause IT people to prefer it. It admittedly doesn't run on as much variety of hardware as Linux or scale up to supercomputers like Linux, but really is a very competent OS that is simple to manage and has probably the largest ecosystem of software written for it.
  In summary, I don't get the bashing of Windows or all the "My Linux is teh best!" kind of comments. Linux has it's strong points as an OS, but Microsoft does too, and they have some fantastic products out there that can handily beat some open source equivalents. Depending on your workload, it can be very appropriate to prefer Microsoft products. (Of course, I'll be the first to say Microsoft has it's terrible products too... Network Load Balancer anyone? Linux based load balancers like F5 beat the pants off that thing.)
  --
  Beware of bugs in the above code; I have only proved it correct, not tried it.
20. Re:Microsoft Windows only by cavreader · 2014-11-23 14:48 · Score: 1
  
  Competent system administration, service pack management, e-mail security measures, effective firewall administration, and strictly enforced limitations on what an employee can access via the internet can substantially reduce the impact of even the most serious application related exploits. The majority of malware today uses social engineering as it's attack vector but there are ways to prevent this in any company willing to invest in employee training and creating specific guidelines that even the most computer illiterate employee can understand. Most employees do not need unrestricted access to the Internet to do their jobs. Even companies using outgoing/incoming keyword blocking, black lists, white lists, and domain blocking at the firewall level are often to liberal and never updated fast enough to keep up with the fast paced and ever changing threat environment. If a particular internet site or service is needed by the employees those sites can be evaluated by a knowledgeable IT security professional to determine the risk of allowing employee access.
  Stuxnext actually required someone to infiltrate (most likely an Iranian asset being paid by the US or Israel) the physical plant to insert a thumb drive to infect the Iranian nuclear centrifuge laboratory network. Not to mention physically breaking in to 2 companies in adjacent office parks located in Japan to steal the security certificates that were used in in conjunction with a Windows 0-day exploit to unleash Stuxnext. That is an extreme example but allowing employees to plug in their own USB or other external devices into corporate network is stupidity of the highest order since that would allow any malware or viruses to completely bypass any of the border security measures. And a big part of proper system administration is putting any internally developed applications under a microscope before pushing them into a production environment geared for public use. Developers are notorious for thinking the application standards and security practices do not apply to them since they think know what they are doing. Application development managers are notorious for cutting corners after incorrectly planning and managing internal development projects. Most of the operating systems today are about as secure as they can be and still be able to actually run applications. Especially legacy applications that would not work under a new security paradigm because even the most aggressive sand boxing schemes have exploitable weaknesses. If a company does require the use of the internet communication infrastructure they should require, without exception, that only VPN connections be used. Network access and activity logs should be scrutinized by configurable automated utilities to raise warning flags as soon as possible if suspicious traffic or activities are detected. But even all these common sense precautions will not stop a determined and well funded organization from attempting to exploit your systems. However it does make it harder and a lot more expensive to attempt. It also makes the exploit attempts more noticeable. The various international security agencies can place human assets inside any company they want to facilitate their activities and that tactic is almost impossible to counter since all national security services of note can manufacture identification documents and employee backgrounds that will hold up under any scrutiny a company or government may employ during the hiring process. You can bet that every major internet company such as Google, Facebook, Twitter, MS, Yahoo, Cisco, Intel, Mozilla, Apple, Nokia, Verizon, AT&T, Sprint, Samsung, and all the other similar companies have intelligence agents from various nations embedded in their staffs. It's the easiest and cheapest way to guarantee access to whatever they want. Outside of real time signal intelligence monitoring operations in areas of immediate interest around the world placing human assets on the inside of these companies is the easiest, cheapest, and most effective means of bypassing security precautions and gathering all the information they want.
21. Re:Microsoft Windows only by WuphonsReach · 2014-11-23 15:25 · Score: 1
  
  That meme "security through obscurity" only really applies in cases of improper reliance on "security via obscurity", once the secret is known - the system is insecure and anyone can access it.
  
  Examples of this would be "hand rolled encryption algorithm that we hide in a black box", "secret handshakes", "back doors which are left unlocked".
  
  --
  Wolde you bothe eate your cake, and have your cake?
22. Re:Microsoft Windows only by WuphonsReach · 2014-11-23 15:28 · Score: 1
  
  microsoft is one price and you get a server and tools and all the features
  
  That's a good one, go ahead and pull my other leg while you're trying to spin that for Microsoft.
  
  Microsoft licensing is a nightmare. Just look at the segments for the desktop operating system. Or try to figure out which version of MS Office you need and whether a volume license will save you money (and whether you'll be in compliance). The server-side is no different with the different restrictions on the different variants of Windows Server, SQL Server, etc.
  
  (They're still a babe in the woods compared to some other vendors like Oracle, but they're trying to catch up.)
  
  --
  Wolde you bothe eate your cake, and have your cake?
23. Re:Microsoft Windows only by neonsignal · 2014-11-23 18:35 · Score: 1
  
  The term "security through obscurity" is usually defined to refer to obscuring the design of a system, not to key secrecy. The difference is that the secrecy of keys provide a measurable barrier to brute force attacks. This is fundamental to the design of encryption systems, since we want to formally distinguish what must be kept secret from what is revealed.
  I agree with your point about minimizing attack surfaces.
24. Re:Microsoft Windows only by benjymouse · 2014-11-23 20:33 · Score: 1
  
  It's the world's biggest target for malware, it's a monoculture, and it has a security model that tends toward convenience over security
  Yes - the "dragnet" attacks tends to go after the most victims. If your attack has a certain chance of succeeding (like a social engineering attack), you'd be stupid to go after the 1% instead of the 90%. Now, in a *targeted* attack where the attacker singled out a specific victim or group of victims - the attacker will go after whatever those targets use.
  
  and was actually bolted on after-the-fact.
  Nope. The current strain of Windows was created from scratch with the present security model from the get-go. The security model is based on tokens and it was designed to be extensible from the start. Also from the start, the designers envisioned that a process or even a thread could have a token *different* from the user token - i.e. a process could run with permissions/privileges different from the user.
  The Windows security model also goes beyond the naive file system-focused model where only file system-like objects were seen as important to secure. In Windows - from the start - all system objects (files, directories, windows, processes, threads, shared memory regions, mutexes, users, groups etc) are accessed through object-oriented handles. When you open a handle you specify the access you request, where each object type has it's own access types. The security check is performed right there when opening the object - instead of on each syscall. If the access you request is granted, a system object is created with a jump table (think virtual method table) where the functions you requested access are mapped to the actual system functions, and the other functions mapped to "denied". The upshot of this is that even though Windows has a much more advanced security model which could make security checks more involved, it will usually perform better because it does *not* have to check security permissions on each syscall.
  Contrast that with Unix/Linux where the security model initially only considered file system objects. There were only 2 levels: regular users and root, and a large number of functions could only be performed by root. When it was realized that other system types might also need security descriptors, the existing file system was "adapted" by "mapping" non-file system objects to become file system-like. Talk about bolted on!
  The Unix/Linux security model is also the only one with a deliberate drilled hole: The SUID/setuid. Here you have a too limited model where regular users are unable to perform perfectly reasonable functions, like changing their own passwords. So what do you do? You let them run as the only user that *can* perform the function, and pray that the process somehow prevents them from performing any of the other functions root can do while running they are running as root. This is a blatant violation of the least privilege principle, but it is now deeply engraved in all Unix systems. Needless to say that this is the most common path for pwning Unix/Linux systems, going all the way back.
  The Unix/Linux model was so bad that NSA had to create SELinux (talk about bolted-on!) which creates it's own competing security "context" (a token). When you want to audit the security of a Unix/Linux system you have to consider 3 competing models: 1) The "original" file-system oriented discretionary model with the SUID hole, 2) the sudoers and 3) SELinux/apparmor or whatever has been bolted on the top.
  Especially 1) and 2) are worrying, because it is neigh impossible to audit those sufficiently as long as just a single SUID/sudo command is allowed: How do you (as an auditor) know *what* the SUID/sudo command can actually do? Did *you* install the executable, did *you* monitor the compilation from source? What *other* things can ps or even ping do that you don't know about? If I hold up a file or point to a process on your system as
  
  --
  Reading slashdot one-liner: (irm http://rss.slashdot.org/Slashdot/slashdot).rdf.item | fl title,desc*
25. Re:Microsoft Windows only by thegarbz · 2014-11-23 21:08 · Score: 1
  
  I really don't understand why people run sensitive and critical stuff on Microsoft Windows.
  What's my other option?
  You're under the mistaken assumption that people get a choice on what OS they run, as opposed to go out to major vendors with a request for proposal for, uber critical database, control system PCs, hospital records machine etc. and the vendors come back with a proposed package. You don't get a choice what package this runs on. In many cases you are given an entire PC / server setup with the package ready to go because the vendors often control the complete solution from licensing modules, to the software, all the way down to the hardware.
  Where I work we're currently switching our control system from Sun Solaris to Windows XP. No we don't have a choice in the matter. We get what we're given. Solaris is linked with an old product which is unsupported by the vendor.
26. Re:Microsoft Windows only by deckard026354 · 2014-11-23 22:42 · Score: 1
  
  Hmm. I think it's highly delusional to think CyberEspionage organisations aren't targetting - Windows, Linux, MacOS and FreeBSD concurrently. Probably OpenBSD too.. While I agree that Windows appears to be a gaping wide attack surface, I equally believe that the large number of people running Linux sans Virus checkers patting themselves on the back for feeling secure - are living in la la land. The same fundamental architecture underlies Linux. Stack frame over-runs, heap exploits, SMM exploits, lack of digitally signed and restricted binaries + TPM.
  
  When you get right down to it - the entire architecture of computer systems is not designed for verified operation or security - so - while some systems are more vulnerable - all are going to be vulnerable.
  
  Linux users are living in I think a false sense of security. If as much interest were taken in finding exploits on Linux as is taken in finding expoilts on Windows - you'd find a whole bunch of "OMFG - my webserver has been serving up my p0rn mail to the CIA for the last 10 years due to a trojan" type /. posts.
  
  Have you written *all* the software on your computer system - including keyboard, hardisk, WiFi and webcam firmware? No... OK then - your guarantee of security is exactly nil !
27. Re:Microsoft Windows only by Lumpy · 2014-11-23 23:29 · Score: 1
  
  Dude, Windows admins are 1/5th the price of a good Unix admin. It is a lot cheaper. you can just hire anyone with a MSFT cert and be done with it at a bargain basement price.
  No they will not be competent, not even have a clue about stability and security, but that does not matter.
  
  --
  Do not look at laser with remaining good eye.
28. Re: Microsoft Windows only by KJSwartz · 2014-11-23 23:58 · Score: 1
  
  Current strain of Microsoft Windows? Which ones? There are presently 7 variants (after losing count) of Windows 8. Are they all equally secure?
  Windows 7? Vista? XPSP3 and 2003 Server?
  Are the Home versions every bit as secure as the Professional versions?
  Notice my glaring omission of NT.
29. Re:Microsoft Windows only by bouldin · 2014-11-24 03:14 · Score: 2
  
  You're implying you've read the Ubuntu vuln announcements for November. Why don't you explain to the class which of these are remote code execution vulns?
  http://www.ubuntu.com/usn/
  Maybe you can pick the worst one and explain why it's worse than Microsoft's schannel vuln.
30. Re: Microsoft Windows only by benjymouse · 2014-11-24 03:20 · Score: 1
  
  Current strain of Microsoft Windows? Which ones?
  All of the current Windows versions are derived from Windows NT. The security model was developed for Windows NT. It is the very same extensible (through SIDs) model that has later been extended for AD and later for UAC (mandatory Integrity Control) in Windows Vista.
  
  --
  Reading slashdot one-liner: (irm http://rss.slashdot.org/Slashdot/slashdot).rdf.item | fl title,desc*
31. Re:Microsoft Windows only by OutOnARock · 2014-11-24 06:11 · Score: 1
  
  You could also throw in that the combination of Powershell and Windows Server allows the machine to run "headless"
  
  ....just saying....
32. Re:Microsoft Windows only by uninformedLuddite · 2014-11-24 12:45 · Score: 1
  
  I hope you aren't holding your breath.
  
  --
  The new right fascists are bilingual. They speak English and Bullshit.
33. Re:Microsoft Windows only by uninformedLuddite · 2014-11-24 12:46 · Score: 1
  
  No, I can't cite them - they wouldn't be zero-days if I could.
  Can't or wont?
  
  --
  The new right fascists are bilingual. They speak English and Bullshit.
34. Re: Microsoft Windows only by uninformedLuddite · 2014-11-24 12:54 · Score: 1
  
  You are the reason he sold it
  
  --
  The new right fascists are bilingual. They speak English and Bullshit.
35. Re:Microsoft Windows only by Demonoid-Penguin · 2014-11-24 13:11 · Score: 2
  
  targeted attacks like this are OS agnostic,
  Correct, provisionally. Targeted attacks are OS agnostic - if designed to be OS agnostic.
  In the case of Regin (did you even read the lead before shooting your idiot mouth?) it is not OS agnostic. It affects Windows only. So does Stuxnet
  His point was...
  ... not what you believe it was. I quoted the specific point I was replying to.
  ...not what the thread is about
  ...not what the main article is about.
  Again - try reading before shooting your idiot mouth. It's not like you are incapable of focus or intelligent output. Perhaps you're having a bad day or it's just confirmation bias from some sort of emotional over-investment.
  It could have been part of a suite of tools that include ones for other OS. But it is not, hence it's not relevant, and like the OP in this thread - the opposite of "informative".
  Nowhere have I made any statement about any OS being more or less secure than another.
36. Re:Microsoft Windows only by bouldin · 2014-11-24 13:53 · Score: 1
  
  Thanks for the supportive comment, but you've missed the point.
37. Re:Microsoft Windows only by amber_of_luxor · 2014-11-24 14:11 · Score: 1
  
  The first rule of security is:
  _Do not do anything on a computer that has network capability_.
  I've been told that Windows2000 was the last version of Windows that did not require calling home at least once a year, in order to function correctly.
  I know that Windows7 point blank refuses to run if it hasn't called home in the last 180 days.
  
  --
  Wind Beneath Thy Wings
38. Re:Microsoft Windows only by uninformedLuddite · 2014-11-24 14:15 · Score: 1
  
  I don't think I did.
  
  --
  The new right fascists are bilingual. They speak English and Bullshit.
39. Re:Microsoft Windows only by bouldin · 2014-11-24 14:42 · Score: 2
  
  You sure seem to have missed the point. The AC poster (you?) already lost the argument, whether he responds or not.
  I made my point with questions, and the point was that none of the Ubuntu security notices were anywhere near as serious as Microsoft's schannel or OLE vulns.
  Unless I missed something in the Ubuntu bulletins, none of those vulns were even suspected of being remote code execution vulns. The AC poster was flat-out wrong in his assessment that the Ubuntu notice had more vulns, and especially wrong that it had more remotely exploitable vulns. I called him out on his bullshit, but at the same time threw him a softball so he could respond if he cared to actually read up and have a reasonable reply.
  Sometimes there are people on Slashdot who do seek out intelligent discourse. I was leaving that possibility open, but certainly not holding my breath for it.
40. Re:Microsoft Windows only by uninformedLuddite · 2014-11-24 16:12 · Score: 1
  
  I am not the AC. I know that he was full of shit. I actually agreed with you and was trying to inject some humour into the fact you would most likely never hear from him again which seems to be the new way of /.
  
  --
  The new right fascists are bilingual. They speak English and Bullshit.
41. Re:Microsoft Windows only by uninformedLuddite · 2014-11-24 16:13 · Score: 1
  
  s/agreed/agree
  
  --
  The new right fascists are bilingual. They speak English and Bullshit.
42. Re:Microsoft Windows only by bouldin · 2014-11-24 16:24 · Score: 1
  
  Well then, sounds like I missed the point. Cheers
43. Re:Microsoft Windows only by benjymouse · 2014-11-24 19:40 · Score: 1
  
  Shell shock is not malware, it's a bug in Bash that can possibly be exploited if you have exposed Bash to the outside world through some poorly implemented service.
  Yeah. Like Apache.
  
  --
  Reading slashdot one-liner: (irm http://rss.slashdot.org/Slashdot/slashdot).rdf.item | fl title,desc*
44. Re:Microsoft Windows only by exomondo · 2014-11-25 09:49 · Score: 1
  
  You've massively missed his point. Windows has long been a joke. Pop a CD in and it just runs an exe. Pop a USB key in and it just runs an exe. Other OSes are a little more discerning.
  Windows hasn't done what you say for years.
45. Re:Microsoft Windows only by Rich0 · 2014-11-25 10:18 · Score: 1
  
  I'm not saying that Reign is OS-agnostic.
  I'm saying that the people who wrote Reign are probably OS-agnostic. If their targets weren't running Windows, then Reign wouldn't target Windows.
  You're focusing on a specific piece of software, and missing the reason the software was written in the first place.
  I'm not suggesting that Reign is part of a bigger suite of hacking tools. I'm saying that Reign was written by people with brains who could target any OS they wanted to target.
  The personal attacks are not helpful to the discussion.
46. Re:Microsoft Windows only by Demonoid-Penguin · 2014-11-25 20:15 · Score: 1
  
  You're focusing on a specific piece of software, and missing the reason the software was written in the first place.
  I'm focusing on what I quoted in my response. You're just being a goal-shifting egotistical dick - which is not "helpful" in any context.
47. Re:Microsoft Windows only by Rich0 · 2014-11-26 05:34 · Score: 1
  
  You're focusing on a specific piece of software, and missing the reason the software was written in the first place.
  I'm focusing on what I quoted in my response.
  You quoted, "targeted attacks like this are OS agnostic."
  Then you said "In the case of Regin (did you even read the lead before shooting your idiot mouth?) it is not OS agnostic."
  He didn't say that Regin was OS agnostic. He said that targeted attacks are OS agnostic. Heck, you can perform a targeted attack without the use of a computer at all.
  The people who wrote Regin weren't out to break Windows. They were out to obtain information. If it was easier to obtain that information by sending in ninjas at night, they would have done that.
  If the sole point of your whole argument is that Regin only targets Windows, well, congratulations, I guess you can win the internet tonight. :)
Backdoor Trojans? by glenebob · 2014-11-23 09:30 · Score: 1

I try not to let Trojans anywhere near my backdoor.
1. Re:Backdoor Trojans? by Greyfox · 2014-11-23 10:44 · Score: 1, Funny
  
  It's targetted! If we wanted to target your backdoor with a trojan, we'd give you about six beers first!
  
  --
  I'm trying to teach myself to set people on fire with my mind... Is it hot in here?
Nation uses malware to spy on ISP Customers... by Etherwalk · 2014-11-23 09:34 · Score: 2

Among other things, they were infecting ISP machines to monitor specific customers.
Anyway, guesses on the responsible party? China, Israel, Russia?
1. Re:Nation uses malware to spy on ISP Customers... by lostmongoose · 2014-11-23 09:42 · Score: 5, Insightful
  
  Among other things, they were infecting ISP machines to monitor specific customers.
  Anyway, guesses on the responsible party? China, Israel, Russia?
  ...or USA, Britain, France, Germany...
2. Re:Nation uses malware to spy on ISP Customers... by Anonymous Coward · 2014-11-23 10:08 · Score: 1
  
  Germany
  Don't be ridiculous. We have the Hackerparagraph. That shit is illegal in Germany.
3. Re:Nation uses malware to spy on ISP Customers... by AHuxley · 2014-11-23 10:16 · Score: 1
  
  Lots of nations can try. Italy had its SISMI-Telecom scandal https://en.wikipedia.org/wiki/...
  Greece had the wiretapping case 2004–05 https://en.wikipedia.org/wiki/...–05
  Now the world is seeing more software efforts beyond the expected gov tapping hardware and software.
  So many staff around the world have done legitimate tapping for their govs and mil for generations.
  Tame computer systems, networks have crypto that is well understood and of a weak international standard. Signals intelligence is great to sell to govs and mil. Ex staff, former staff and govs are all happy to see what they can get.
  
  --
  Domestic spying is now "Benign Information Gathering"
4. Re:Nation uses malware to spy on ISP Customers... by HiThere · 2014-11-23 10:46 · Score: 1
  
  Why limit it to nations? Major corporations are as capable as most countries, and only a little bit more endangered if caught.
  
  --
  
  I think we've pushed this "anyone can grow up to be president" thing too far.
5. Re:Nation uses malware to spy on ISP Customers... by mars-nl · 2014-11-23 11:39 · Score: 1
  
  Not sure how security firms conclude nation states must be behind some complex malware. It could also be a corporation. It could also be a criminal gang. It could also be some lone programmer or group of programmers doing this in their own time in order to sell the software or their services to criminals or governments. Most software is not made by governments (actually, can't think of any software) and whenever they try, they usually fail.
6. Re:Nation uses malware to spy on ISP Customers... by Etherwalk · 2014-11-23 12:03 · Score: 1
  
  Stuxnet.
7. Re:Nation uses malware to spy on ISP Customers... by Vlad_the_Inhaler · 2014-11-24 04:23 · Score: 1
  
  Start from the countries on the list: Russia, Saudi Arabia, Mexico, Ireland, India, Afghanistan, Iran, Belgium, Austria, Pakistan. The percentages added up to 100, a surprise because I would expect at least one or two percent to be "other". That makes me mistrust the figures a bit.
  "Significant" countries not on the list include: the US, Canada, Britain, Germany, Israel, Japan, Australia, France, Turkey, Yemen, Iraq, Syria or any of the smaller Gulf States such as Qatar, Bahrain, Dubai. What is also interesting is that Snowden has said nothing about it.
  That makes it look a bit like a co-production to me, one state organisation produced it but they shared it with at least one other country.
  Russia being top back around 2008-2011 implicates some of the main western countries.
  Saudi Arabia being so high on the list implicates Israel, Gulf States, or possibly the U.S.
  Austria could possibly point towards Israel.
  Afghanistan, Iran and Pakistan point towards the U.S.
  Mexico being up there implicates the U.S.
  Ireland? The only reason I can see for them being on the list is Transatlantic Cables. The GCHQ would maybe care that much.
  I would expect the country which produced this to have infected some servers in their own country, to deflect suspicion.
  Finally, one significant political event in 2011 was the fall of Mubarak in Egypt. If they were behind it then the dates when it was inactive would make sense, so would the subsequent reappearance. Do they have the ability?
  
  --
  Mielipiteet omiani - Opinions personal, facts suspect.
Linux is a monoculture. by Anonymous Coward · 2014-11-23 09:37 · Score: 2, Informative

Linux may not have been a monoculture back in the 1990s, but it's not the 1990s any longer!
All of the major distros are basically the same these days. The kernel is the same. The file system layout is the same. The package managers are either RPM or APT. Now that Debian and Ubuntu will switch or have switched, all of the major distros but Slackware (if it's even a "major" distro these days!) use or support systemd. They use pretty much the same userland software.
If Linux really wasn't a monoculture, then security incidents like the ones involving bash and OpenSSL earlier this year wouldn't have been as widespread as they were.
Not using systemd was the one thing that differentiated Debian and Ubuntu from Fedora, CentOS, RHEL, openSUSE, and the other distros. Now Debian and Ubuntu are basically clones of those other systems. The main different now is whether you type "apt-get" or "yum" to install packages! That's no difference at all, really.
The BSDs are the only family of OSes where there's some diversity left. But even they are still very similar in many ways.
1. Re: Linux is a monoculture. by r_a_trip · 2014-11-23 10:01 · Score: 1
  
  www.manjaro.org
  
  --
  # touch universe # chmod +rwx universe # ./universe
2. Re: Linux is a monoculture. by mysidia · 2014-11-23 10:27 · Score: 1
  
  This is what their reaction used to be when we talked about switching Windows servers' operating system to Linux. "Linux? No! Wtf is Linux?"
3. Re: Linux is a monoculture. by greenfruitsalad · 2014-11-23 19:26 · Score: 1
  
  Do your 10 other choices come with vendor support (canonical) and predictable release cycles?
Three Letter Agencies? by Frosty+Piss · 2014-11-23 09:40 · Score: 1

...they believe was developed by a wealthy nation-state to spy on a wide range of international targets in diverse industries, including hospitality, energy, airline, and research...
Hello, China...

--
If you want news from today, you have to come back tomorrow.
1. Re:Three Letter Agencies? by mysidia · 2014-11-23 10:30 · Score: 1
  
  Hello USA , Hello UK, Hello any of the usual suspects.
  Hello any country with resources that wants to make one of the above countries look bad by framing them and then "discovering" new malware in the wild.
2. Re:Three Letter Agencies? by Etherwalk · 2014-11-23 12:02 · Score: 1
  
  Hello USA , Hello UK, Hello any of the usual suspects. Why are Americans so blind to the fact their nation does this shit to?
  USA has not yet been caught using its intelligence apparatus with a major aim of industrial espionage, as opposed to its state interests. It should be doing that as a matter of game theory, to incentivize a phased and negotiated reduction in attacks, but I haven't seen evidence that it does. But there is a great deal of evidence of state-sponsored attacks coming out of China against many, many American institutions.
  It doesn't mean the USA doesn't do it--but it does make China a more likely suspect.
3. Re:Three Letter Agencies? by jandersen · 2014-11-23 22:38 · Score: 1
  
  Hello, China...
  OTOH, when this kind of news come out, people are usually not shy about mentioning China by name. In fact, a number of 'wealthy nation-states' in Europe as well as Israel have been mentioned on occasion when it comes to spy-ware. I don't remember the US coming up very often, so by exclusion, America does seem like a likely candidate here. And why not? it isn't as if Americans, American companies or the American state departments are particularly prudish compared to others, when it comes to this sort of thing.
Conspicuously absent ... by CaptainDork · 2014-11-23 09:43 · Score: 1

... as a geographic target is ...

--
It little behooves the best of us to comment on the rest of us.
How far do you have to read? by david.emery · 2014-11-23 10:10 · Score: 1

To discover this is a Windows-only virus? That was the first thing that crossed my mind, what platform(s) are vulnerable? It sure as hell isn't clearly stated in any of the articles I read, you have to dive into the details of the Symantec white paper to notice that all the attack vectors were specific to Windows.
And how much does the tech journalism community and the security products & services industry, from Ars to The Verge, to Symantec, get paid to hide the fact this is Yet Another Windows (only) vulnerability?
Highly advanced computer worm? by lippydude · 2014-11-23 10:18 · Score: 1

This 'highly advanced' computer worm will only work on Microsoft Windows:

"Symantec Security Response has not obtained the Regin dropper at the time of writing. Symantec believes that once the dropper is executed on the target’s computer, it will install and execute Stage 1. It’s likely that Stage 0 is responsible for setting up various extended attributes and/or registry keys and values that hold encoded versions of stages 2, 3, and potentially stages 4 and onwards". ref
1. Re:Highly advanced computer worm? by benjymouse · 2014-11-24 05:31 · Score: 1
  
  This 'highly advanced' computer worm will only work on Microsoft Windows:
  It is not a worm. It is a trojan, i.e. the user has to invite the trojan (the "dropper") inside for it to work.
  A worm is an automated infection which propagates automatically from system to system. Like the Shellshock worms, Code Red, Nimda.
  Any particular reason you chose to call it a worm, despite that it was described as a trojan in the summary as well as in TFA?
  
  --
  Reading slashdot one-liner: (irm http://rss.slashdot.org/Slashdot/slashdot).rdf.item | fl title,desc*
2. Re:Highly advanced computer worm? by lippydude · 2014-11-24 11:04 · Score: 1
  
  @benjymouse: "Any particular reason you chose to call it a worm, despite that it was described as a trojan in the summary as well as in TFA?"
  
  "Backdoor Regin .. bears some resemblance to .. the computer worm and trojan that was programmed to disrupt Iran's nuclear program"
Re:*nix Version Not Yet Discovered. by david.emery · 2014-11-23 11:18 · Score: 1

It's possible there are other versions. But that's not my point. The version that has been discovered and documented runs on Windows, a fact that is probably deliberately not made clear in the articles.
Symantec only? by eegeerg · 2014-11-23 13:07 · Score: 1

Yes, I RTFA (again). Any independent confirmation outside of Symantec?
You "can't think of" software used by govt to spy? by Rujiel · 2014-11-23 13:16 · Score: 1

When stuxnet (engineered by israel and the US) is mentioned in TFA? Are you playing dumb? That's aside from the hefty lists of internal hacking tools leakes by snowden, be it from the NSA or their british buddies.
I don't NEEED no stickin' source code.... by grep+-v+'.*'+* · 2014-11-23 13:26 · Score: 1

Researchers have unearthed highly advanced malware ... spy on a wide range of international targets in diverse industries
Oh my! Evil people are actively breaking into computers! Just imagine what they could do if they actually had the source code to what the targets run.

It's only by using proprietary software are we able to keep ourselves safe like this.

--
If the universe is someone's simulation -- does that mean the stars are just stuck pixels?
Scrambled Like Chickens with Their Eggs in a Bunch by crywalt · 2014-11-23 13:59 · Score: 1

Holy mixed metaphors! "Executing the first stage triggers a domino chain...." Does it trigger a domino chain which cascades along the peaks of the shield holding the noses of the elephants in the room?
Analysis White Paper by Fnord666 · 2014-11-23 16:48 · Score: 3, Informative

Here is a link to the analysis white paper about Regin published by Symantec. An interesting read and it does look very similar to Duqu in structure.

--
'The tyrant will always find pretext for his tyranny.' - Aesop's Fables
Re: Hello FVEY by KJSwartz · 2014-11-23 23:49 · Score: 1

Perpetual decay \snicker \ha \haw
Remember ANYTHING about the 50s, 60s and 70s, son? You have things SO MUCH BETTER NOW than way back in the day. Computerized checkbooks, reliable transportation, telephone,... ..., Electricity, Internet. Need I go on? Polio and Smallpox Vaccines,... ..., imaging technology that puts X-ray Films from Polaroid to shame.
The decay you believe in is a figment of your imagination. Visit a third world county sometime and see what value your "wealth of knowledge" has in the real world. \Pity.
Marketing by Going_Digital · 2014-11-23 23:57 · Score: 1

Highly Sophisticated; by who's standards, Symantec? What do they know about sophisticated software? Symantecs marketing department thought they would make it sound exciting by suggesting it was created by a government agency. Pathetic effort to try and boost sales of Symantec software.
Detection? by jrq · 2014-11-24 02:47 · Score: 1

Why is it that these major news outlets (Forbes, CNET, CNN, etc) all have articles about this new trojan/virus. They quote statistics from Symantec about the number of infect machines, and yet, not one describes how you can detect an infection. They must know. One previous post identifies a Symantec white paper describing the trojan's behavior (Here). Why don't these articles describe the steps required to detect it? It's not like they're under any obligation to encourage readers to buy into Symantec's bloated anti-virus products.

--
My UID is prime!
Gareth Williams by whysea · 2014-11-24 09:01 · Score: 1

The dates of the end of Regin 1 correspond roughly to the astonishing demise this GHCQ analyst..I would put my money on the brits.
Re:Palindrome Name ? by Bob_Who · 2014-11-24 18:09 · Score: 1

That's not a palindrome. niger is a Latin adjective meaning black. Please note the single 'g'.
Niger (or anagram) is spelled with only one "g"....
Oh, I see what you did there, honky!