Mahdi spy malware uncovered, but no Flame link yet
Security researchers said Tuesday they have come across a new strain of espionage malware that has successfully infected 800 different organizations this year in the Middle East to steal information and spy on communications.
The victims are nabbed via enticing "spear phishing" emails that come outfitted with malicious Microsoft PowerPoint and Word files that trick the recipients into installing a trojan dropper by presenting them with pleasant outdoor images. In another case, the malware downloader was disguised by an actual article on cyberwarfare that appeared in The Daily Beast.
No zero-day vulnerabilities were needed -- the victims were infected by merely running the malicious code, dubbed Mahdi (which roughly translates as Messiah), said Aviv Raff, CTO of Seculert, an Israeli security firm that first discovered the threat in February. Raff told SCMagazine.com on Tuesday that he and his team found that the malware's communication "strings" were written in Persian, which caught their attention because they had never seen that before. Persian is mostly spoken in Iran and Afghanistan.