Mahdi (malware)

Mahdi is computer malware that was initially discovered in February 2012 and was reported in July of that year.[1] According to Kaspersky Lab and Seculert (an Israeli security firm which discovered the malware), the software has been used for targeted cyber espionage since December 2011, infecting at least 800 computers in Iran and other Middle Eastern countries. Mahdi is named after files used in the malware and refers to the Muslim figure.[2]

Seculert and Kaspersky named the malware after "Mehdi" because the attackers put a folder with the same name in the infected computers in order to spread malware. According to the security experts, Mahdi malware works apparently at a lower level than Stuxnet and is made using existing public softwares.[3]

Targets

The targets of this malware include sensitive infrastructure companies, computers of engineering students, financial service institutions, and official government embassies. The most infection with this malware has been reported in Iran.[4]

Mahdi malware allows attackers to steal files from an infected computer and monitor emails and text messages/chats. It can also record sounds, register keys pressed on the computer keyboard and take pictures of the activities shown on the computer monitor screen. Also, a text file named "mahdi.txt" is included in the malware program on the infected computer.[5][6]

See also

References

  1. ^ "New 'Mahdi malware' cyber spy attack on Iran disclosed". Los Angeles Times. 17 July 2012.
  2. ^ Mahdi, the Messiah, Found Infecting Systems in Iran, Israel, July 17, 2012 Wired, Kim Zetter
  3. ^ "ويروس «مهدی» همچنان خطرناک است؛ ایران مهمترین قربانی". رادیو فردا (in Persian). 2 September 2012.
  4. ^ "رويترز: حمله ويروس جاسوسی «مهدی» به ايران و برخی کشورهای خاورمیانه". رادیو فردا (in Persian). 17 July 2012.
  5. ^ "Iran still on target of 'Mahdi' malware after detection". The Hacker News.
  6. ^ "Madi Malware: Advanced Persistent Threat Or Just A Threat?". www.darkreading.com.