Skip to main content

Mahdi spy malware uncovered, but no Flame link yet

posted onJuly 19, 2012
by l33tdawg

Security researchers said Tuesday they have come across a new strain of espionage malware that has successfully infected 800 different organizations this year in the Middle East to steal information and spy on communications.

The victims are nabbed via enticing "spear phishing" emails that come outfitted with malicious Microsoft PowerPoint and Word files that trick the recipients into installing a trojan dropper by presenting them with pleasant outdoor images. In another case, the malware downloader was disguised by an actual article on cyberwarfare that appeared in The Daily Beast.

No zero-day vulnerabilities were needed -- the victims were infected by merely running the malicious code, dubbed Mahdi (which roughly translates Messiah), said Aviv Raff, CTO of Seculert, an Israeli security firm that first discovered the threat in February. Raff told SCMagazine.com on Tuesday that he and his team found that the malware's communication "strings" were written in Persian, which caught their attention as they had never seen that before. Persian is mostly spoken in Iran and Afghanistan.

Source

Tags

Flame Stuxnet Viruses & Malware

You May Also Like

Recent News

Tuesday, November 19th

Friday, November 8th

Friday, November 1st

Tuesday, July 9th

Wednesday, July 3rd

Friday, June 28th

Thursday, June 27th

Thursday, June 13th

Wednesday, June 12th

Tuesday, June 11th