News24

New malware targets Iran, Israel

2012-07-19 10:29

Cape Town - At least 800 victims have been identified as targets of malware affecting computer users in the Middle East, a security company has revealed.

Kaspersky Lab announced that the Madi trojan targeted people working primarily on Israeli and Iranian infrastructure projects and financial institutions.

"While the malware and infrastructure is very basic compared to other similar projects, the Madi attackers have been able to conduct a sustained surveillance operation against high-profile victims," said Nicolas Brulez, senior malware researcher at Kaspersky Lab.

The malware was first identified by Seculert, and Kaspersky said that the "amateurish" nature of the trojan had helped it evade detection.

"Perhaps the amateurish and rudimentary approach helped the operation fly under the radar and evade detection," said Brulez.

Documents

The trojan enables remote attackers to steal files from infected Windows computers, monitor communications such as e-mail and instant messages, record audio, log keystrokes, and take screenshots of victims' activities. Data analysis suggests that gigabytes of data have been uploaded.

An examination of the malware identified an unusual amount of religious and political documents and images that were dropped when the initial infection occurred.

"Interestingly, our joint analysis uncovered a lot of Persian strings littered throughout the malware and the C&C tools, which is unusual to see in malicious code. The attackers were no doubt fluent in this language," said Aviv Raff, chief technology officer at Seculert.

This is the latest in a string of cyber attacks on targets in the Middle East.

Kaspersky linked the Duqu, Stuxnet and Flame viruses to a single authoring organisation, and it is unclear whether this trojan may be the latest attack from the same organisation.

The security company said that a new attack was not unexpected and that targeted attacks on companies may be part of a broader government espionage programme.

"For example, when the United States spoke about targeted attacks on military contractors: Is it an attack on the US government? Yes, because they tried to steal information on blueprints of military technology. I think any attack related to stealing such information is one country against another country," Alex Gostev, chief security expert at Kaspersky Lab, told News24.


- Follow Duncan on Twitter
 

Comments
  • almeleh - 2012-07-19 14:00

    This headline is completely misleading. Iran and Israel are not mentioned at all in the article.
