"Pay my troops no mind; they're just on a fact-finding mission."

New Worm Targeting Infrastructure Companies In Israel, Iran, Afghanistan Found

A new cyber espionage threat, known as Madi, has been uncovered targeting over 800 victims in Israel, Iran and Afghanistan.

The active cyber-espionage campaign is targeting very specific victims, including employees of critical infrastructure companies, financial services and government embassies, which are mainly located in Middle Eastern countries.

So far it is unclear whether or not this is a state-sponsored campaign like Stuxnet and Flame, but the security company which first identified it, Seculert, has said the operation could require “a large investment and financial backing.” However, the Madi info-stealing malware is also technically rudimentary in comparison to Stuxnet and Flame.

The malware was embedded within documents, such as text files and PowerPoint presentations, sent to specific victims. Once a document was opened, the malware would install on the victim’s PC and connect with one of four Command and Control (C&C) servers around the world, including Canada and Iran.

Info-stealing trojan

According to Kaspersky Lab, the Madi info-stealing Trojan enables remote attackers to steal sensitive files from infected Windows computers, monitor sensitive communications such as email and instant messages, record audio, log keystrokes, and take screenshots of victims’ activities. Data analysis suggests that multiple gigabytes of data have been uploaded from victims’ computers.

While it is still unclear who is behind the Madi malware, one indicator of its provenance was discovered within the code: “Interestingly, our joint analysis uncovered a lot of Persian strings littered throughout the malware and the C&C tools, which is unusual to see in malicious code. The attackers were no doubt fluent in this language,” said Aviv Raff, Chief Technology Officer at Seculert.


Percent of Pop                Largest Build-Up

Arabs 1.51% 470,580 Quebec (2.8%)

More here:
