Kaspersky: That 2 years we took to warn you about Regin? We had good reason

Kaspersky Lab has responded to criticism that security vendors took years too long to spot Regin, a recently discovered strain of ultra-sophisticated (and probably state-sponsored) spyware. Regin is a software framework rather than an individual malicious code sample. Security vendors have until recently only seen fragments of …

  1. Jason Bloomberg Silver badge

    How long is too long to have kept quiet?

    We don't want AV and security companies crying wolf but somewhere between suspicion and absolute proof there would surely be some point at which it becomes reasonable to warn that something is afoot.

    It is entirely reasonable to ask why we are only learning of this threat now and not sooner.

    1. Anonymous Coward

      Re: How long is too long to have kept quiet?

      "It is entirely reasonable to ask why we are only learning of this threat now and not sooner."

      Isn't that true whenever they announce it? The answer is always going to be "today is the point at which we felt it was most suitable and most met our business objectives to keep our profile high."

    2. btrower

      Re: How long is too long to have kept quiet?

      @Jason Bloomberg:

      Re: "some point at which it becomes reasonable to warn that something is afoot"

      Something is afoot right now. You can take that to the bank. There are so many attack vectors it is impossible for a firm to entirely secure your system.

      I am not a big fan of the AV vendors, but I think they have been more than upfront about the fact that you are in ongoing danger.

    3. Elmer Phud

      Re: How long is too long to have kept quiet?

      To keep the dinosaur analogy going, we'd now be seeing Piltdown Man or the way that bones were slung together to make what was fanciful in the eyes of the curators.

    4. Anonymous Coward

      Kaspersky is like Symantec, except brain-fried on bathtub vodka

      Crazy. They're all crazy.

      Anti-Virus and PC Security is the refuge of lunatics.

      Having their products on your PC is like you having a full-time proctologist. Not worth it.

  2. Anonymous Coward

    If the Police discover a body they can't identify...

    ...they don't keep it to themselves for a couple of years, they go public quite quickly...so no, no, no, someone told all these puppet anti-virus vendors to keep mum about this....so.....NSA, again!!

    1. Tom 35 Silver badge

      Re: If the Police discover a body they can't identify...

      So the high profile targets found out enough about it to detect it.

      Now use it for a wide range of lower profile targets, now it starts to show up in AV samples.

  3. Panicnow

    What else is out there?

    Perhaps Kaspersky Lab, F-Secure and Symantec can come clean with an indication of how many "bits of bone" they are currently analysing.

    1. Allan George Dyer Silver badge

      Re: What else is out there?

      Hundreds of thousands of unique samples a day. The numbers don't mean very much anymore. Lots are corrupt samples, or repackaged known malware. It's like trying to do paleontology by picking through the rubble after bulldozers have flattened the Natural History Museum.

  4. Britt

    Issue is, if they announce to the world what they have, by its nature they've told those they're investigating to change their game.

    1. Anonymous Coward

      Yes!

      Wouldn't that mean they'd have to start over?

      1. Will Godfrey Silver badge

        Re: Yes!

        No. They'd just lead everyone on a wild goose chase with the parts that were discovered while switching to the backup stuff they almost certainly have, for just that eventuality.

        1. Destroy All Monsters Silver badge

          Re: Yes!

          "Crazy prepared", then?

          They must have hired Pham Nuwen himself.

        2. swschrad

          and. oh, by the way... those "five eyes" guys with no infections...?

          two explanations. one... they use a different set of sneakies to spy on their own. two... the sneaks from Nonameistan are using a different set of sneakies to spy on the "five eyes" guys, in hope of drawing all attention to the "five eyes" nations so they can keep the game going as long as possible and amass the money and tools to have flying cars.

          the spy game is like that. redirection and red herrings.

        3. Anonymous Coward

          Re: Yes!

          From the analyses to date, it had a modular nature to do exactly that.

  5. PrivateCitizen

    High Profile Announcements

    As far as I can see, until "Shellshock", it was pretty normal for AV vendors to do their thing, issue detection file updates and provide a bit of protection for end users.

    The much maligned McAfee appears to have had a detection in place for Regin since 2011 - which predates the trend for high profile DAT file releases - so I suspect a lot of the secrecy around this is simply that people don't bother looking through the tedious information pushed out with each detection database release.

  6. Irongut

    Hug resources

    Because all virus programmers need a hug!

  7. Andy The Hat Silver badge

    "Legspin" proves it was either Aussie or British. Nobody else in the world even knows the term to use it surreptitiously ...

    1. Destroy All Monsters Silver badge

      In this case, why believe that this word has the significance one usually attaches to it?

      1. Gordon 10 Silver badge

        And if it is a clue what about India or Pakistan at a push.

        1. Elmer Phud

          We'd accuse them of 'chucking' like we usually do.

    2. 4ecks

      Re. Legspin

      I think it points towards a global company...

      From Wikipedia "The GOOGLY is a major weapon in the arsenal of a leg spin bowler, and can be one of the bowler's most effective wicket-taking balls. It is used infrequently, because its effectiveness comes mostly from its surprise value."

      1. Anonymous Coward

        Re: Re. Legspin

        So it is an homage to the tosser Warnie?

        1. Glenturret Single Malt

          Re: Re. Legspin

          Scuze, pliz. Zat "tosser", eez not that ze same as "chucker"?

  8. Anonymous Coward

    So Many...

    ..of these 'security' firms seem to be Russian. It's rather worrying.

    1. Anonymous Coward

      Re: So Many...

      They create the anti-dote at the same time as the virus, same people responsible.

      1. Anonymous Coward

        Re: So Many...

        Regin was made in the US Central time zone. You can clearly see this from the GMT time stamps found by Kaspersky. From these time stamps one can see when the spooks came to work at about 8, and as they gradually left work at 16 - 18. Funny, you can even see the lunch hour at 11-12, when stamps are sparse.

        It is idiocy to blame Russia.
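The working-hours argument in the comment above can be checked mechanically: shift a set of UTC build timestamps by each candidate offset and see which offset puts the most of them inside a normal working day. The code below is an added illustration, not from the thread or from Kaspersky's analysis; the timestamps are constructed sample values, not real Regin compile times, and because build timestamps are set by whoever builds the binary they are only a weak attribution signal.

```python
"""Working-hours fit of build timestamps across candidate UTC offsets.
Added example; the sample data is constructed, not from any real malware."""
from collections import Counter
from datetime import datetime, timedelta, timezone

# Constructed sample: UTC stamps clustered 14:00-23:00 UTC, which is
# 08:00-17:00 at UTC-6 (US Central standard time).
SAMPLE_UTC = [
    "2011-03-14T14:05:00Z", "2011-03-14T15:40:00Z", "2011-03-14T19:10:00Z",
    "2011-03-15T14:30:00Z", "2011-03-15T16:15:00Z", "2011-03-15T21:50:00Z",
    "2011-03-16T14:50:00Z", "2011-03-16T20:25:00Z", "2011-03-16T22:40:00Z",
    "2011-03-17T15:05:00Z", "2011-03-17T18:45:00Z", "2011-03-17T23:20:00Z",
]


def parse_utc(stamps):
    """Parse ISO-8601 'Z' timestamps into aware UTC datetimes."""
    return [datetime.strptime(s, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)
            for s in stamps]


def hour_histogram(stamps, offset_hours):
    """Count timestamps per local hour after shifting UTC by offset_hours."""
    shift = timedelta(hours=offset_hours)
    return Counter((t + shift).hour for t in parse_utc(stamps))


def workday_fit(stamps, offset_hours, start=8, end=18):
    """Fraction of timestamps falling inside [start, end) local time."""
    hist = hour_histogram(stamps, offset_hours)
    inside = sum(n for h, n in hist.items() if start <= h < end)
    return inside / max(1, sum(hist.values()))


def best_offsets(stamps):
    """Return (offsets, score): every UTC offset from -12 to +14 that maximises
    the workday fit. Ties are returned together, since a 9-to-5 pattern alone
    cannot separate neighbouring zones; the caller must not over-read it."""
    scores = {off: workday_fit(stamps, off) for off in range(-12, 15)}
    best = max(scores.values())
    return sorted(off for off, s in scores.items() if s == best), best


if __name__ == "__main__":
    offs, score = best_offsets(SAMPLE_UTC)
    print(f"best-fitting UTC offsets: {offs} (fit {score:.2f})")
```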

  9. Martin Huizing

    "without unlimited resources"

    Nice wording which should read as "with limited resources", which has actually a completely different meaning. How come they have limited resources? They're an AV company. If anyone has the tools, it should be them. The dinosaur analogy also seems like grasping at straws when it comes to protecting their integrity. Sharing is caring, imho. Especially in the AV business.

  10. David 164 Bronze badge

    The problem with these arguments is that by keeping the bones they do have secret from the community they are denying the ability of others to present their own bones, so while Kaspersky and Symantec and others may not have had all the bones individually, they may have had enough of the bones separately to build a model of the Dinosaur much earlier than 2 years after the first bone was found by either company.

    And last I checked the UK was part of the European Commission, which has been targeted. It's not beyond the possibility that Five Eyes or one of the Five Eyes countries found Regin but decided to reverse engineer it and use it themselves, which is one of the big risks of using cyber weapons: once they are out there anyone can get hold of them and start using them themselves.

    China is also conveniently missing from the list of targets, they aren't slouches in the cyberwarfare industry.
