New York, November 25: Computer security firm Symantec has discovered a hidden virus that has been spying on computers across the globe, including in India, for at least six years. The trojan worm named ‘Backdoor. Regin’ is involved in password and data theft, capturing screenshots from infected computers, network traffic monitoring and analysing email.
Its targets are computers in 10 countries, a majority in Russia and Saudi Arabia but five percent of the infections have been traced to India. “Regin has targeted mostly private individuals and small businesses, but also telecom, hospitality, energy, airline and research firms,” said Symantec in a statement. “The level of sophistication and complexity of Regin suggests that the development of this threat could have taken well-resourced teams of developers many months or years to develop and maintain,” the statement added. With several stealth features, anti forensics, custom encryption, it is a “highly-complex threat which has been used in systematic data collection or intelligence gathering campaigns”. Regin has two versions, Version 1 which worked from 2008 and was withdrawn in 2011, and the second version that has been silently infecting computers since 2013. Almost 30 percent of the attacks are on telecom companies and “attacks on telecoms companies appear to be designed to gain access to calls being routed through their infrastructure”, Symantec noted. The country responsible for the worm has not been named until now.