Mahdi Trojan Spreads Further in the Middle East, Particularly Iran
The cyber-spying Trojan 'Mahdi', which targeted Middle Eastern countries including Iran, has broadened its attack opportunities despite security researchers exposing it in July 2012, observes Seculert, a security firm from Israel.
According to the firm, Mahdi's code has been altered so that its authors can more easily evade detection. It notes that during the past six weeks the malware claimed 150 new victims, bringing the total number of infections to approximately a thousand.
Aviv Raff, CTO (Chief Technical Officer) of Seculert, expressed surprise at Mahdi's continued prevalence, saying that even the considerable hype surrounding the malware had not stopped it from spreading. That, he noted, indicated that the attackers were continuing to run an effective operation using the surveillance malware. Eweek.com published this in news on August 30, 2012.
Elsewhere, Raff stated that analyzing the websites the attackers were targeting in their surveillance campaign made it apparent that they were largely hunting victims associated with the U.S. Scmagazine.com published this on August 30, 2012.
Raff added that, interestingly, the newer variants of Mahdi that had been developed targeted victims who were associated with America or who visited the country often.
Assessing Mahdi, Senior Researcher Roel Schouwenberg of Kaspersky Lab, which is working in co-operation with Seculert, stated that the malware's operation was less professional and ran on a mechanism developed with widely available computer programs. Further, in a low-quality operation, less importance was often attached to the malware being discovered; however, it remained frightening that the Trojan was actually effective, he added. Reuters.com published this in news on August 29, 2012.
Moreover, Senior Security Researcher Kurt Baumgartner of Kaspersky Lab stated that the Mahdi attackers were currently also targeting mail lists, transmitting e-mail account holders' data locally to the hackers. Scmagazine.com published this on August 30, 2012.
Additionally, according to Baumgartner, the malware's audio and video spying abilities had not been used to the same extent as its other functions. In his opinion, however, the attackers possibly did not really need them for the data captured thus far.
» SPAMfighter News - 06-09-2012