
Tuesday, July 17, 2012

Mahdi in Iran

There is yet another computer virus infecting machines in Iran, Israel, Saudi Arabia and some other countries in the Middle East. This time, the virus is actively spying on infected computers by taking screenshots, recording keystrokes, transferring documents and spreadsheets and forwarding email. What makes this virus unique is that it appears to have been written by people who speak Farsi, the main language of Iran. It also has files that reference the Mahdi, who is the equivalent of the Messiah for the Shiite Muslims of Iran.

So who got infected? About 80% of the known infections are inside Iran. The infected sites include embassies, company offices and other locations. About 10% of the infections are in Israel. In that country, engineering firms that specialize in infrastructure design were hit along with other sites.

Is this the Iranian response to the Stuxnet and Flame viruses? It may be, since it was written in Farsi. The timing seems suspect, however. The Mahdi virus seems to have first been planted before the Stuxnet issue became public. Of course, the Iranian government may have discovered Stuxnet earlier than we know and begun an attempt at countermeasures. And why would Iran infect sites in its own country? Surely, to spy on internal opponents of the regime.

The opinion of the virus experts is that the Mahdi virus is quite simple in scope and ability compared to Stuxnet or Flame. Nevertheless, it has managed to acquire many gigabytes of important data.

So far, this entire topic has hardly been mentioned in the American media. It will be interesting to see if the subject ever surfaces.
