Date:18/07/12
Trojan with references to Islam, Farsi language, and Israel-Iran conflict is found on hundreds of PCs in the Middle East.A data-stealing Trojan capable of recording keystrokes, screenshots and audio and stealing text and image files has infected about 800 computers, mostly in Iran and Israel, over the last eight months, researchers said today.
The malware, dubbed "Mahdi" (also "Madi") because of references in the code to the word for the Islamic Messiah, included strings in Farsi and dates in the Persian calendar format in communications with a command-and-control server in at least one of the variants, and a server that was located in Iran for at least one campaign, according to a blog post from Israel-based security firm Seculert.
The victims included critical infrastructure companies, government embassies, financial services firms in Iran, Israel, Afghanistan, UAE, Saudi Arabia and other Middle Eastern countries, as well as the U.S. and New Zealand, Symantec reported.
Despite the types of victims and countries affected, the researchers said it was unclear whether it was a state-sponsored attack or not.
The campaigns started out with social engineering via an e-mail attachment. In one campaign, the attached file executed a malware dropper that contained a Word document of a news article with the headline "Israel's Secret Iran Attack Plan: Electronic Warfare," Seculert said.
Other targets featured malicious PowerPoint attachments that displayed video stills showing a missile destroying a jet plane and a dialog box asking for permission to run an executable .scr file, according to Symantec researchers, who found a command-and-control server in Azerbaijan, while Seculert found some in Canada, as well.
An "Activated Content" PowerPoint feature enables executable content within the spearphishing attachments to be run automatically and the embedded downloaders install backdoor services on the system, according to a Kaspersky blog post.
One example delivered the executable within a confusing math puzzle slideshow, while another showed a series of religious, nature-themed images with messages in English and poor Hebrew. Kaspersky also saw images displayed of a nuclear explosion and a video, which were likely designed to trick the victim into thinking nothing untoward was happening, Russia-based Kaspersky said.
This is just the latest piece of malware with links to Iran. Flame, Stuxnet and its cousin Duqu all targeted critical computer systems in Iran and neighboring countries. Flame and Stuxnet reportedly were developed by the U.S. and Israel.
Mahdi 'Messiah' malware targeted Israel, Iran PCs
Trojan with references to Islam, Farsi language, and Israel-Iran conflict is found on hundreds of PCs in the Middle East.A data-stealing Trojan capable of recording keystrokes, screenshots and audio and stealing text and image files has infected about 800 computers, mostly in Iran and Israel, over the last eight months, researchers said today.The malware, dubbed "Mahdi" (also "Madi") because of references in the code to the word for the Islamic Messiah, included strings in Farsi and dates in the Persian calendar format in communications with a command-and-control server in at least one of the variants, and a server that was located in Iran for at least one campaign, according to a blog post from Israel-based security firm Seculert.
The victims included critical infrastructure companies, government embassies, financial services firms in Iran, Israel, Afghanistan, UAE, Saudi Arabia and other Middle Eastern countries, as well as the U.S. and New Zealand, Symantec reported.
Despite the types of victims and countries affected, the researchers said it was unclear whether it was a state-sponsored attack or not.
The campaigns started out with social engineering via an e-mail attachment. In one campaign, the attached file executed a malware dropper that contained a Word document of a news article with the headline "Israel's Secret Iran Attack Plan: Electronic Warfare," Seculert said.
Other targets featured malicious PowerPoint attachments that displayed video stills showing a missile destroying a jet plane and a dialog box asking for permission to run an executable .scr file, according to Symantec researchers, who found a command-and-control server in Azerbaijan, while Seculert found some in Canada, as well.
An "Activated Content" PowerPoint feature enables executable content within the spearphishing attachments to be run automatically and the embedded downloaders install backdoor services on the system, according to a Kaspersky blog post.
One example delivered the executable within a confusing math puzzle slideshow, while another showed a series of religious, nature-themed images with messages in English and poor Hebrew. Kaspersky also saw images displayed of a nuclear explosion and a video, which were likely designed to trick the victim into thinking nothing untoward was happening, Russia-based Kaspersky said.
This is just the latest piece of malware with links to Iran. Flame, Stuxnet and its cousin Duqu all targeted critical computer systems in Iran and neighboring countries. Flame and Stuxnet reportedly were developed by the U.S. and Israel.
Views: 869
©ictnews.az. All rights reserved.
Similar news
- Cellphone Use May Raise Cancer Risk
- Australian police pushes cyber safety education
- Vietnam aims to lead in e-government
- Senate Website Gets Hacked
- US builds net for cyber war games
- Japan enacts anti-computer virus law
- India passes law vs e-waste
- Anonymous Declares War On The City Of Orlando
- Microsoft highlights evolving dangers as online identity data proliferates
- Consumers want internet security to be provided by banks
- Government facilities targets of cyber attack
- South Korean web attacks might been war drill
- Sri Lanka to Establish National Passport Database to Increase Border Security
- Hi-tech crime agencies set to employ information security professionals
- Phone hacking and online campaign bring down the News of the World
