BOSTON - The scope of a cyber espionage campaign targeting Iran and other parts of the Middle East has widened, even after security experts blew the operation's cover last month, according to the research firm that discovered the Mahdi Trojan.
Israeli security company Seculert said that it has identified about 150 new Mahdi victims over the past six weeks as the developers of the virus have changed the code to evade detection from anti-virus programs. That has brought the total number of infections found so far to nearly 1,000, the bulk of them in Iran.
"These guys continue to work," Seculert Chief Technology Officer Aviv Raff said via telephone from the company's headquarters in Israel.
The decision to keep the operation running implies that Mahdi's operators were not particularly worried about getting caught, said Roel Schouwenberg, a senior researcher with Kaspersky Lab, which has collaborated with Seculert in analyzing Mahdi.