
> one of the most advanced spy tools ever identified by security researchers

It's interesting to watch the apparently monotonically advancing capabilities of malware. Every piece of spyware discovered is far more advanced than anything that came before. (With the occasional exception of "complete amateur hour shite" malware.) Nobody ever seems to use spyware that's just good enough.



Does "advanced spy tools" just mean "stockpile of unpatched vulnerabilities"? And if so, why are "responsible" governments leaving those vulnerabilities extant when they could be used to harm their own citizens? Are we not a target worth protecting?


Cynically, I believe "advanced spy tools" means "I want this story to sound exciting". You hardly need 0-days to pwn most targets. A combination of 7-days, "check out this draft of next week's roadmap", and weak/reused passwords is more than enough.

From The Intercept's analysis: https://firstlook.org/theintercept/2014/11/24/secret-regin-m...

Malware isn't really my specialty, but this mostly sounds like malware 101 stuff.

> This Regin driver recurrently checks that the current IRQL (Interrupt Request Level) is set to PASSIVE_LEVEL using the KeGetCurrentIrql() function in many parts of the code, probably in order to operate as silently as possible and to prevent possible IRQL confusion. This technique is another example of the level of precaution the developers took while designing this malware framework.

Or in other words, they read the documentation for writing a kernel driver?

Yeah, I can definitely believe this came from GCHQ/NSA/whoever, but the breathless reporting makes it sound like Fox Mulder recovered it from an alien crash.


Think of how precious responsible employees that have read the documentation are to any company. Having teams of dedicated, capable, honest people who are working for a government on malware is absolutely a new development.


Perhaps, in their eyes, a few hundred stolen identities & fraudulent purchases is collateral damage and petty compared to the type of threats they're dealing with.


Or perhaps there are no other threats besides stolen identities & fraudulent purchases. Perhaps is a funny word.



