Learn about the unique Mahdi Trojan, a data-stealing malware targeting critical infrastructure and government entities in the Middle East. Discover its effects, how to remove it, and references for further reading.
Mahdi: The “Messiah” (CPSC 620)
Akash Mudubagilu, Arindam Gupta
Agenda
• Computer Trojan
• Mahdi
• What makes it special
• Mahdi targets
• Effects
• How to remove
• References
What is a Trojan?
• A Trojan is a program that appears to be legitimate but in fact does something malicious.
• It is a destructive program: it steals information or harms the system.
• It does not replicate itself.
Mahdi
• Also known as Madi.
• A data-stealing Trojan.
• The attack relies on social engineering techniques to get onto the targeted computers.
• Records:
  • Keystrokes
  • Screenshots
  • Audio
• Steals text and image files.
Contd.
• The following is an example of an e-mail that carried a malicious PowerPoint attachment (e-mail screenshot not reproduced here).
Contd.
• In another example, the PowerPoint, when opened, displays a series of video stills showing a missile destroying a jet plane.
What makes it special?
• The code contains a reference to the word for the Islamic Messiah.
• Use of the Farsi language.
• Persian calendar format.
• It can update itself: the creators are still at work, and the malware always picks up the latest version of the code.
Contd.
• Communicates with a command-and-control server.
• Uploads stolen data to it.
• Gets instructions from the server.
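The upload behaviour described on this slide (repeated POSTs of stolen data to one command-and-control host) leaves a pattern in web-proxy logs that a defender can look for. The following PowerShell function is an added example written for this page, not code from the slides or from any of the cited reports; the log format, the client addresses, the destination host name `upload.placeholder-c2.example` and the byte counts are all constructed, and the thresholds are assumptions to be tuned per environment.

```powershell
# Added example: flag clients that repeatedly POST large volumes to the same
# destination, the upload pattern a data-stealing Trojan like Mahdi produces.
# Log layout and every value below are constructed for this example.

# Constructed proxy log lines: timestamp, client, destination, method, bytes sent
$logLines = @(
    '2012-07-10T09:00:01 10.0.0.15 cdn.example.net GET 512',
    '2012-07-10T09:01:10 10.0.0.15 upload.placeholder-c2.example POST 204800',
    '2012-07-10T09:06:12 10.0.0.15 upload.placeholder-c2.example POST 198400',
    '2012-07-10T09:11:09 10.0.0.15 upload.placeholder-c2.example POST 211300',
    '2012-07-10T09:12:00 10.0.0.22 mail.example.org POST 2048',
    '2012-07-10T09:15:33 10.0.0.22 cdn.example.net GET 1024'
)

function Find-SuspiciousUploads {
    param(
        [string[]] $Lines,
        [int]  $MinPosts = 3,        # assumed threshold: repeated check-ins to one host
        [long] $MinBytes = 500000    # assumed threshold: total bytes sent to that host
    )

    # Parse each line into a record
    $records = foreach ($line in $Lines) {
        $f = $line -split '\s+'
        [pscustomobject]@{
            Time        = [datetime]$f[0]
            Client      = $f[1]
            Destination = $f[2]
            Method      = $f[3]
            Bytes       = [long]$f[4]
        }
    }

    # Group POST traffic per client/destination pair and apply both thresholds
    $records |
        Where-Object { $_.Method -eq 'POST' } |
        Group-Object Client, Destination |
        ForEach-Object {
            $total  = ($_.Group | Measure-Object Bytes -Sum).Sum
            $sorted = $_.Group | Sort-Object Time
            if ($_.Count -ge $MinPosts -and $total -ge $MinBytes) {
                [pscustomobject]@{
                    Client      = $sorted[0].Client
                    Destination = $sorted[0].Destination
                    Posts       = $_.Count
                    BytesSent   = $total
                    FirstSeen   = $sorted[0].Time
                    LastSeen    = $sorted[-1].Time
                }
            }
        }
}

# On the constructed data only 10.0.0.15 -> upload.placeholder-c2.example is reported
Find-SuspiciousUploads -Lines $logLines | Format-Table -AutoSize
```

Real proxy logs will have a different column layout, so the `-split` and field indices need adjusting; the point of the example is the grouping and the two-part threshold (count and volume), which separates a steady exfiltration channel from a single large legitimate upload.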
Mahdi targets
• Critical infrastructure firms
• Engineering students
• Financial services firms
• Government embassies located in Middle Eastern countries, with the majority of the infections in Iran
• Also found in countries such as the United States and New Zealand
Effects
• Google and Yahoo searches are redirected.
• Desktop background image and browser homepage settings are changed.
• Slows down the computer considerably.
• Unwanted pop-ups appear; it also corrupts the Windows registry and uses it to deploy annoying pop-ups.
• A large amount of data is uploaded.
• Might make the Internet connection slow.
• Uploads sensitive information to the server.
How to Remove
• Automatic removal
  • System Restore.
  • Install a tool that removes the malware.
• Manual removal
  • Stop the Mahdi process from Task Manager.
  • Uninstall Mahdi from Control Panel, Add/Remove Programs.
  • Open the Windows registry, then find and remove all Mahdi registry entries.
  • Delete all Mahdi-related files from the computer.
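The manual-removal steps above touch four places: running processes, the Add/Remove Programs list, the registry, and files on disk. The PowerShell function below is an added example for this page (not the authors' procedure and not a tool from the cited reports) that inventories all four places for a name fragment before anything is deleted, so the operator can review what a removal would touch. The indicator `MAHDI-PLACEHOLDER` is a hypothetical placeholder, since the slides give no actual Mahdi file, process or registry names; the registry paths used are the standard Windows Uninstall and Run/RunOnce keys, and the search roots are an assumption.

```powershell
# Added example: report-only inventory of what the manual-removal steps would
# touch. Nothing is stopped, uninstalled or deleted by this function.
function Get-MalwareFootprint {
    param(
        [Parameter(Mandatory)] [string] $Indicator,   # name fragment to look for (placeholder)
        [string[]] $SearchRoots = @($env:USERPROFILE, $env:ProgramData, $env:TEMP)  # assumed
    )
    $hits = [System.Collections.Generic.List[object]]::new()

    # 1. Running processes (what Task Manager would show)
    Get-Process |
        Where-Object { $_.ProcessName -like "*$Indicator*" -or $_.Path -like "*$Indicator*" } |
        ForEach-Object {
            $hits.Add([pscustomobject]@{ Kind = 'Process'; Item = "$($_.Id) $($_.ProcessName)"; Detail = $_.Path })
        }

    # 2. Installed programs (what Add/Remove Programs reads)
    $uninstallKeys = @(
        'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall',
        'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall',
        'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall'
    )
    foreach ($key in $uninstallKeys) {
        Get-ChildItem $key -ErrorAction SilentlyContinue | ForEach-Object {
            $p = Get-ItemProperty $_.PSPath
            if ($p.DisplayName -like "*$Indicator*") {
                $hits.Add([pscustomobject]@{ Kind = 'Uninstall'; Item = $p.DisplayName; Detail = $p.UninstallString })
            }
        }
    }

    # 3. Autostart registry values, the usual persistence location for such a Trojan
    $runKeys = @(
        'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
        'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce',
        'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
        'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce'
    )
    foreach ($key in $runKeys) {
        $props = Get-ItemProperty $key -ErrorAction SilentlyContinue
        if (-not $props) { continue }
        foreach ($name in $props.PSObject.Properties.Name) {
            if ($name -like 'PS*') { continue }      # skip PSPath, PSParentPath, ... metadata
            $value = $props.$name
            if ($name -like "*$Indicator*" -or "$value" -like "*$Indicator*") {
                $hits.Add([pscustomobject]@{ Kind = 'RunKey'; Item = "$key\$name"; Detail = $value })
            }
        }
    }

    # 4. Files on disk under the chosen roots
    foreach ($root in $SearchRoots) {
        Get-ChildItem $root -Recurse -Force -File -ErrorAction SilentlyContinue |
            Where-Object { $_.Name -like "*$Indicator*" } |
            ForEach-Object {
                $hits.Add([pscustomobject]@{ Kind = 'File'; Item = $_.FullName; Detail = $_.LastWriteTime })
            }
    }
    return $hits
}

# Review the report first; keep copies of anything found for analysis before removing it.
Get-MalwareFootprint -Indicator 'MAHDI-PLACEHOLDER' | Format-Table -AutoSize
```

Run it from an elevated PowerShell session so the HKLM keys and other users' files are readable. A name-based search only catches what it is told to look for; a malware family that updates itself, as the slides say Mahdi does, may change names between versions, so the output should be compared against a vendor report rather than treated as complete.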
References
• http://news.cnet.com/8301-1009_3-57503949-83/a-whos-who-of-mideast-targeted-malware/
• http://news.cnet.com/8301-1009_3-57474405-83/mahdi-messiah-malware-targeted-israel-iran-pcs/
• http://blog.seculert.com/2012/07/mahdi-cyberwar-savior.html
• http://www.symantec.com/connect/blogs/madi-attacks-series-social-engineering-campaigns
• http://www.nextgov.com/cybersecurity/2012/08/mahdi-spyware-operation-broadens-middle-east/57761/?oref=ng-channelriver
• http://www.reuters.com/article/2012/08/29/us-cybersecurity-middleeast-idUSBRE87S0EK20120829