Monday, July 30, 2012

The Mahdi virus returns

Experts have discovered a new version of the malicious program, in which its creators have implemented a number of new features.

According to Kaspersky Lab expert Nicolas Brulez, on July 24 of this year researchers discovered a new version of the Mahdi malware, the neutralization of whose servers was reported last week.

The detected version of the virus has gained a number of additional functions. The malicious program can now monitor users of the social network VKontakte and can also place victims under surveillance based on the keywords they search for. The virus tracks all requests containing the words "USA", "gov", "gmail", "hotmail", "skype", "yahoo! mail", "share", "outlook", and others. If the malware detects a matching search query, it takes a screenshot of the victim's monitor and immediately sends it to the command server. The researcher believes that this ability to send stolen information immediately, rather than storing it until the server issues instructions, is the main and most dangerous feature of the new version of the virus.

In addition, the new version of the virus creates a mutex called "miMutexCopy Mohammad Etedali www.irandelphi.ir" and writes a file called "datikal.dll". Next, the program checks the system for keyloggers; this code is identical to the code in the previous version of the virus.

According to Brulez, the new version of Mahdi is very similar to Flame, which attacked Iranian computer systems.

New C&C servers for the malware have been found in Montreal, Canada. The previous version's servers were located both in Montreal and in Tehran, Iran. According to the expert, the creators of the virus did not stop there and equipped the new version with more complex functions and new features.
