Mahdi Malware Makers Push Anti-American Update

July 26, 2012

Source: Information Week

by Mathew J. Schwartz

In this article: “Mounting evidence suggests that the Mahdi malware was built by Iranians, for the primary purpose of spying on people inside Iran.

Notably, while the four command-and-control (C&C) servers controlling Mahdi-infected PCs are based in Canada, the oldest sample of the Mahdi malware discovered thus far–dating from December 2011–interfaced with a C&C server located in Tehran, Iran.

What accounts for the Iran-based C&C server? “I think it was a mistake,” said Aviv Raff, CTO of Israel-based Seculert, in an interview at Black Hat 2012 in Las Vegas. That is, whoever developed Mahdi may have inadvertently released into the wild versions which still connected to a test server, rather than production servers that had been set up overseas and meant to disguise the malware’s origins.”
