Ars Technica reported yesterday on a very sophisticated trojan that has been around, they say, since 2008, went dark in 2011 and came back in 2013.
The trojan is composed of 5 stages, all but the first of which are encrypted and are decrypted serially to avoid detection.
The interesting part is that it is apparently a framework with plugins to attack everything from your keyboard to your mouse to a radio base station. The link above has more details and a graphic showing the architecture of this thing. It seems to be very sophisticated.
Supposedly, there have only been around 100 known infections – but do we really know? – mostly inside ISPs. Symantec suggests that this was done not to spy on the ISPs, but rather on their customers.
Now that the cat is out of the bag, I am sure we will hear more in the coming days. This could be another Stuxnet.