For eight months now, a computer virus dubbed Mahdi (the prophesied redeemer of Islam) has been plaguing the Middle East.
The virus is a Trojan horse that can record every keystroke, steal login information, take screenshots of activity such as emails and social networking chats, and record audio in the vicinity of the infected computer. According to Seculert, the Israeli company that identified the virus, many gigabytes of data have been collected over the last eight months.
Though it has been identified, the virus has not yet been disabled.
Experts at Kaspersky Labs announced on Tuesday that Mahdi was discovered in the course of a joint investigation with Seculert, which specializes in locating cyberthreats. The experts identified more than 800 victims in Israel, Iran and a few other countries. Victims were originally targeted with emails containing videos of nuclear explosions, photos of Jesus, and news articles about Israel versus Iran. Some malicious emails had slideshows of calming photos attached.
During efforts to determine the source of the virus, Seculert found that several of the virus's components included strings in Farsi as well as dates in the Persian calendar format, indicating that the virus originated in Iran.
"The targeted victims of Mahdi include critical infrastructure companies, financial services and government embassies, which are all located in Iran, Israel and several other Middle Eastern countries," Seculert reported on their blog.
Initially, Seculert approached Kaspersky Labs to determine whether there was any connection between the Mahdi virus and the massive virus discovered earlier this year by Kaspersky — Flame. Flame, an extremely sophisticated virus, mainly targeted Iranian computers, though it was discovered in many other countries as well. As of yet, no connection has been found.