New malware targets Iran, Israel

2012-07-19 10:29
Kaspersky Lab does analysis of malware threats at its offices in Moscow. (Duncan Alfreds, News24)

Cape Town - At least 800 victims have been identified as targets of malware affecting computer users in the Middle East, a security company has revealed.

Kaspersky Lab announced that the Madi trojan targeted people working primarily on Israeli and Iranian infrastructure projects and financial institutions.

"While the malware and infrastructure is very basic compared to other similar projects, the Madi attackers have been able to conduct a sustained surveillance operation against high-profile victims," said Nicolas Brulez, senior malware researcher at Kaspersky Lab.

The malware was first identified by Seculert, and Kaspersky said that the "amateurish" nature of the trojan had helped it evade detection.

"Perhaps the amateurish and rudimentary approach helped the operation fly under the radar and evade detection," said Brulez.

Documents

The trojan enables remote attackers to steal files from infected Windows computers, monitor communications such as e-mail and instant messages, record audio, log keystrokes, and take screenshots of victims' activities. Data analysis suggests that gigabytes of data have been uploaded.

An examination of the malware identified an unusual amount of religious and political documents and images that were dropped when the initial infection occurred.

"Interestingly, our joint analysis uncovered a lot of Persian strings littered throughout the malware and the C&C tools, which is unusual to see in malicious code. The attackers were no doubt fluent in this language," said Aviv Raff, chief technology officer at Seculert.

This is the latest in a string of cyber attacks on targets in the Middle East.

Kaspersky linked the Duqu, Stuxnet and Flame viruses to a single authoring organisation, and it is unclear whether this trojan may be the latest attack from the same organisation.

The security company said that a new attack was not unexpected and that targeted attacks on companies may be part of a broader government espionage programme.

"For example, when the United States spoke about targeted attacks on military contractors: Is it an attack on the US government? Yes, because they tried to steal information on blueprints of military technology. I think any attack related to stealing such information is one country against another country," Alex Gostev, chief security expert at Kaspersky Lab told News24.

