Wednesday, July 18, 2012

Elder of Ziyon
Kaspersky Labs analyzes a number of Trojan horses and other malware samples targeting Israel that were apparently written in Iran, in part one of a two-part article.

The malware, nicknamed "Madi" (presumably a reference to the Shiite messianic figure, the Mahdi), is not sophisticated. Instead it relies on tried-and-true social engineering, counting on naive computer users to allow scripts to run in PowerPoint presentations and to ignore the warnings Windows gives about potentially dangerous actions.

It is well known in the computer security world that people are too likely to fall for such schemes.



Another method is to send what appear to be JPG images but are in fact programs. This uses a known Microsoft bug in which Unicode characters from languages written right-to-left can produce file names that appear to end in a harmless image extension but are in fact executable programs able to do anything to the computer (in this case, a screen saver):



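To make the file-name trick concrete from the defender's side, here is an added example (not code from the original post or from Kaspersky) that flags names containing Unicode bidirectional control characters and reports the extension Windows will actually use versus the one a user appears to see. The function names and the sample file name are my own constructions.

```python
# Added example, not from the original post or Kaspersky: flag names that use
# Unicode bidi control characters to disguise an executable as an image.

# Bidi control characters that can change how a file name renders.
BIDI_CONTROLS = {
    "\u202a", "\u202b", "\u202c", "\u202d", "\u202e",  # LRE, RLE, PDF, LRO, RLO
    "\u200e", "\u200f",                                 # LRM, RLM
    "\u2066", "\u2067", "\u2068", "\u2069",             # LRI, RLI, FSI, PDI
}
RLO, PDF = "\u202e", "\u202c"

# Extensions Windows runs as programs; .scr (screen saver) is the one the post mentions.
EXECUTABLE_EXTENSIONS = {".exe", ".scr", ".com", ".pif", ".bat", ".cmd", ".vbs", ".js"}


def apparent_name(name: str) -> str:
    """Approximate what a user sees: text after an RLO is drawn reversed until
    a PDF or the end of the name (a simplification of the full bidi algorithm)."""
    out, i = [], 0
    while i < len(name):
        if name[i] == RLO:
            end = name.find(PDF, i + 1)
            end = len(name) if end == -1 else end
            out.append(name[i + 1:end][::-1])
            i = end + 1
        elif name[i] in BIDI_CONTROLS:
            i += 1  # invisible, draws nothing
        else:
            out.append(name[i])
            i += 1
    return "".join(out)


def real_extension(name: str) -> str:
    """Extension the OS actually uses: controls are ignored and the last '.' wins."""
    stripped = "".join(c for c in name if c not in BIDI_CONTROLS)
    dot = stripped.rfind(".")
    return stripped[dot:].lower() if dot != -1 else ""


def analyze_filename(name: str) -> dict:
    """Report the displayed name, the real extension, and whether they disagree dangerously."""
    real = real_extension(name)
    has_controls = any(c in BIDI_CONTROLS for c in name)
    return {"apparent": apparent_name(name), "real_extension": real,
            "suspicious": has_controls and real in EXECUTABLE_EXTENSIONS}


if __name__ == "__main__":
    print(analyze_filename("puppies\u202egpj.scr"))  # constructed sample name
```

Running it on the constructed sample reports an apparent name of `puppiesrcs.jpg` with a real extension of `.scr`, which is exactly the mismatch a mail gateway or endpoint agent should alert on.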
Once the malware is loaded, the attackers can remotely do anything they want on the infected machines.

Again, these are not sophisticated attacks in the least; hackers have been doing things like this for years. But it only takes one stupid victim clicking on that cute photo of nature or puppies to compromise an entire company or government department.

This specific malware can take screenshots at regular intervals and also make audio recordings from the victim's computer, which can then be uploaded to the attackers' machines.

The Jerusalem Post reports that Iran is the target of the malware, even though key parts were written by Farsi speakers. I find that hard to believe given the Hebrew in the PowerPoint above, although the people who created the Trojan are not necessarily the same as those who created the PowerPoint macro that calls the Trojan.

UPDATE: It appears I am right:
After analyzing initial data on the virus when it was first publicized Tuesday, Symantec released a report saying that nearly two thirds of the computers that have been infected by Mahdi are in Israel. That is in sharp contrast to initial assessments Tuesday that claimed that the majority of infected systems were in Iran itself. Computer security firm Kaspersky Labs reported on the Mahdi virus on Tuesday.

(h/t Yoel, Ian)
