Fresh Malicious Program Attacking Middle East

According to security companies Seculert and Kaspersky Labs, a new malware scam is affecting the countries of Mid East as it targets Middle Eastern government agencies, vital infrastructure engineering companies, academia and financial houses.

The bug named Mahdi or Madi, meaning Messiah, has been identified as victimizing 800 targets spanning 8-months, state the researchers.

The attack, according to Seculert, involved a socially-engineered e-mail message, which contained a file attachment. During a particular instance, this attachment ran a malware installer through an inherent Word file carrying one news story that was captioned "Israel's Secret Iran Attack Plan: Electronic Warfare".

Meanwhile, Symantec's security researchers said that other attacks involved harmful PowerPoint attachments, which exhibited movie images of a missile demolishing one speedy jet airplane as well as a dialog window directing to give consent for executing a .scr executable. This was after Symantec detected one command-and-control (C&C) server located at Azerbaijan whilst Seculert detected a few in Canada too.

The malware, if loaded, intercepted the computer operator's every action, seizing account accessing credentials, capturing screenshots of social-networking communications or e-mails, as well as recording audio. During the 8-month period, the bug collected data of different gigabytes, says Seculert.

The malicious program struck a minimum of 387 PCs in Iran, while 54 in Israel. Besides, it infected computers in Saudi Arabia, United Arab Emirates, and Afghanistan, making 4, 6 and 14 contaminations respectively.

Reportedly, Madi is said to be much less advanced compared to Flame, another malware just detected which was utilized for espionage operations against Iranian PCs for filching data. But, the bug isn't anything similar to Stuxnet that USA understandably, covertly used for damaging the Iranian nuclear program.

Director of Global Research and Analysis Team Costin Raiu at Kaspersky Labs said that the Madi assault was carried out using rudimentary and constrained technology. Pcworld.com published this on July 18, 2012.

Raiu further said that the complexity associated with the Madi assault was also less if compared to the lately conducted assaults against Uighur and Tibetan activists. For, those attacks utilized software exploits for planting spyware, whilst in the Madi assaults, social engineering was the sole means.

Related article: Force 9 and TalkTalk Are the Highest Spam-Delivering ISPs

» SPAMfighter News - 7/25/2012