THE internet has changed all sorts of industries, from book delivery to newspaper publishing to pornography. And spying is no exception. On November 23rd Symantec, an American anti-virus firm, announced the discovery of Regin, a complicated piece of malicious software that has been lurking on computer networks in Russia and Saudi Arabia (among other places), stealing whatever secrets have come its way. Only a couple of weeks before, Kaspersky Labs, another anti-virus firm, revealed the existence of DarkHotel, another piece of espionage-ware that targeted corporate bosses and other bigwigs staying at hotels in Asia. Both pieces of software are slick, sophisticated and complicated. For that reason, the anti-virus firms think they are the work of nation states. DarkHotel has been tentatively pinned on South Korea. Regin is thought to be the work of the British, possibly with help from the Americans. But how do anti-virus researchers know where viruses come from?
via The Economist explains: How to trace a cyber-weapon | The Economist.