‘Mahdi’ virus stole data on national infrastructure

Computer virus with Persian words in program code that infected Israeli computers turns on recording devices, steal files.

July 19, 2012 05:11
1 minute read.
Hacked (illustrative)

Hacked 311. (photo credit: Thinkstock/Imagebank)


Dear Reader,
As you can imagine, more people are reading The Jerusalem Post than ever before. Nevertheless, traditional business models are no longer sustainable and high-quality publications, like ours, are being forced to look for new ways to keep going. Unlike many other news organizations, we have not put up a paywall. We want to keep our journalism open and accessible and be able to keep providing you with news and analysis from the frontlines of Israel, the Middle East and the Jewish World.

As one of our loyal readers, we ask you to be our partner.

For $5 a month you will receive access to the following:

  • A user experience almost completely free of ads
  • Access to our Premium Section
  • Content from the award-winning Jerusalem Report and our monthly magazine to learn Hebrew - Ivrit
  • A brand new ePaper featuring the daily newspaper as it appears in print in Israel

Help us grow and continue telling Israel’s story to the world.

Thank you,

Ronit Hasin-Hochman, CEO, Jerusalem Post Group
Yaakov Katz, Editor-in-Chief


A new computer virus with Persian words in its programming code infected sensitive computers across the Middle East, including Israel, and gathered information on critical national  infrastructure, an Israeli security expert who helped uncover the virus told The Jerusalem Post Wednesday.

The Trojan horse has been dubbed “Mahdi” after the Shi’ite Iranian messiah-like figure, since the programmers appear to have used a key folder with that name and also included a text file named mahdi.txt in the malicious software.

Aviv Raff, deputy chief technology officer at the Petah Tikva-based Seculert company, which discovered the new virus, said that like the earlier Flame virus discovered in Iranian computers, the new Trojan horse could turn on microphones in computers, record in-room conversations, take screenshots and steal file content.

He named the five states with the highest number of infected computers – Afghanistan, Iran, Israel, Saudi Arabia and the UAE – with first Iran, then Israel the most affected.

“The aim was to create a document containing information [and send it out to a remote user], which was to be used for [an unknown] future mission,” Raff told the Post on Wednesday.

In Israel, as in other countries, computers found to be infected by Mahdi belonged to people working on national infrastructure projects as well as engineering students.

Raff said that while the program code was effective, it was not so complex and was created quickly. “Whoever did this needed to have some kind of financial backup.

It’s a big threat to any state’s security,” he added.

Seculert asked the large Russian Kapersky Lap computer security company to investigate the virus. In a joint press release on Tuesday, Seculert and Kapersky said the Trojan Horse has been operating for the past several months, and had also gathered information on financial bodies and academic institutions.

Reuters contributed to this report.

Join Jerusalem Post Premium Plus now for just $5 and upgrade your experience with an ads-free website and exclusive content. Click here>>

Related Content

idf hebron
August 22, 2014
Palestinians throw Molotov cocktail at IDF checkpoint in Hebron