A new computer virus with Persian words in its programming code infected
sensitive computers across the Middle East, including Israel, and gathered
information on critical national infrastructure, an Israeli security
expert who helped uncover the virus told The Jerusalem Post
Wednesday.
The Trojan horse has been dubbed “Mahdi” after the Shi’ite
Iranian messiah-like figure, since the programmers appear to have used a key
folder with that name and also included a text file named mahdi.txt in the
malicious software.
Aviv Raff, deputy chief technology officer at the
Petah Tikva-based Seculert company, which discovered the new virus, said that
like the earlier Flame virus discovered in Iranian computers, the new Trojan
horse could turn on microphones in computers, record in-room conversations, take
screenshots and steal file content.
He named the five states with the
highest number of infected computers – Afghanistan, Iran, Israel, Saudi Arabia
and the UAE – with first Iran, then Israel the most affected.
“The aim
was to create a document containing information [and send it out to a remote
user], which was to be used for [an unknown] future mission,” Raff told the Post
on Wednesday.
In Israel, as in other countries, computers found to be
infected by Mahdi belonged to people working on national infrastructure projects
as well as engineering students.
Raff said that while the program code
was effective, it was not so complex and was created quickly. “Whoever did this
needed to have some kind of financial backup.
It’s a big threat to any
state’s security,” he added.
Seculert asked the large Russian Kapersky
Lap computer security company to investigate the virus. In a joint press release
on Tuesday, Seculert and Kapersky said the Trojan Horse has been operating for
the past several months, and had also gathered information on financial bodies
and academic institutions.
Reuters contributed to this report.