Talk:Regin (malware)

This is the talk page for discussing improvements to the Regin (malware) article.
This is not a forum for general discussion of the article's subject.

Put new text under old text. Click here to start a new topic.
New to Wikipedia? Welcome! Learn to edit; get help.

Article policies

Find sources: Google (books · news · scholar · free images · WP refs) · FENS · JSTOR · TWL

Computer Security: Computing High‑importance

This article is within the scope of WikiProject Computer Security, a collaborative effort to improve the coverage of computer security on Wikipedia. If you would like to participate, please visit the project page, where you can join the discussion and see a list of open tasks.Computer SecurityWikipedia:WikiProject Computer SecurityTemplate:WikiProject Computer SecurityComputer Security articles

High

This article has been rated as High-importance on the project's importance scale.

This article is supported by WikiProject Computing (assessed as Mid-importance).

Things you can help WikiProject Computer Security with:

Article alerts will be generated shortly by AAlertBot. Please allow some days for processing. More information...

Answer question about Same-origin_policy
Review importance and quality of existing articles
Identify categories related to Computer Security
Tag related articles
Identify articles for creation (see also: Article requests)
Identify articles for improvement
Create the Project Navigation Box including lists of adopted articles, requested articles, reviewed articles, etc.
Find editors who have shown interest in this subject and ask them to take a look here.

Software: Computing Low‑importance

	This article is within the scope of WikiProject Software, a collaborative effort to improve the coverage of software on Wikipedia. If you would like to participate, please visit the project page, where you can join the discussion and see a list of open tasks.SoftwareWikipedia:WikiProject SoftwareTemplate:WikiProject Softwaresoftware articles
Low	This article has been rated as Low-importance on the project's importance scale.
	This article is supported by WikiProject Computing.

Description of Regin[edit]

removed the following from the article page...

Correction: Regin is NOT a virus, but a trojan. The whitepaper from Symantec clearly says, "A reproducible infection vector is unconfirmed at time of writing." I see that this was also put under the category of Worms, which is also entirely inaccurate. "It is used for the collection of data and continuous monitoring of targeted organizations or individuals. This report provides a technical analysis of Regin based on a number of identified samples and components. This analysis illustrates Regin’s architecture and the many payloads at its disposal"

This is correct, there is nothing in the paper published by symantec saying that this is a virus, nor that it is a trojan (as suggested above). The attack vector is unknown at this point.

— Preceding unsigned comment added by 82.71.3.221 (talk • contribs) 00:30, 24 November 2014‎

Yeah it seems to be this should simply be called malware until more info emerges. So will anyone object if I move it to Regin (malware)? Nil Einne (talk) 00:55, 24 November 2014 (UTC)[reply]

please do, I don't know how to do that myself, otherwise I would have done it already.

For future reference, unfortunately it's not possible for unregistered editors. If you are unwilling or unable to register, you'll need to request someone do it for you, perhaps via the Wikipedia:Requested moves template. Nil Einne (talk) 01:48, 24 November 2014 (UTC)[reply]

The blog post from symantec http://www.symantec.com/connect/blogs/regin-top-tier-espionage-tool-enables-stealthy-surveillance says that Regin is 'a back door-type Trojan'.

But the rest of the blog post just uses malware (except where it calls it a Remote Access Trojan) and give details which suggest they don't know that well how it spreads. There doesn't seem to be any evidence so far that it's self spreading so worm and virus should probably be avoided. And it probably spreads like a trojan in at least some cases (and they say it does), but other cases seem more complicated and I don't know if there's even a good word for them. E.g. the case where a Yahoo Messeger exploit was used, was this really trojan like? I'm guessing the answer may be no. Anyway I'm not seeing any specific objection to malware so I'll move it with no prejudice to any future renaming. Nil Einne (talk) 01:40, 24 November 2014 (UTC)[reply]

Name[edit]

Does anyone know why it's called Regin? Eric Kvaalen (talk) 14:52, 27 November 2014 (UTC)[reply]

According to a german newspaper [1] security people at Microsoft, who found fragments of it first, named it after the sneaky nord god Regin. Alexpl (talk) 15:39, 27 November 2014 (UTC)[reply]

Thanks, I have put it in the article. Eric Kvaalen (talk) 16:36, 28 November 2014 (UTC)[reply]

Regin and NSA 'qwerty' keylogger[edit]

I'm no expert in this field, but maybe this recent article is useful and should be mentioned. It documents striking similarities between Regin and a malware known (from the Snowden documents) to have been deployed by the NSA. Looks pretty convincing. The article contains a link to the original code snippets published by Der Spiegel in Jan 2015:

https://securelist.com/blog/research/68525/comparing-the-regin-module-50251-and-the-qwerty-keylogger/

84.135.114.2 (talk) 22:46, 27 January 2015 (UTC)[reply]