
Mahdi

Posted: July 18, 2012

Threat Metric

Threat Level: 2/10
Infected PCs: 62
First Seen: July 18, 2012
OS(es) Affected: Windows

Mahdi (from Arabic, literally: guided one, or more colloquially: messiah) is a form of spyware that appears to be used primarily for sabotaging the infrastructures of Middle Eastern countries, with a special focus on unlucky Iran. Although Mahdi lacks the technical sophistication of similarly-purposed PC threats like Skywiper (also known as Flame), Mahdi is still a significant threat due to its extremely invasive information-stealing functions. PCs in the Middle East are considered at particular risk of Mahdi infections, which are currently distributed by way of mass-mailed e-mail messages carrying malicious Microsoft Office files. If you have any cause to think that your PC could be or is compromised by Mahdi, SpywareRemove.com malware experts strongly recommend deleting Mahdi quickly with appropriate software before you take additional steps to secure any confidential information that may have been stolen.

Mahdi: Possibly the Very Worst Savior in Computing History

Belying its name, Mahdi is a spyware-based PC threat whose functions are uniformly harmful. The majority of Mahdi's features are concerned with stealing information, or with assisting the transfer of that information, by methods such as:

  • Recording keyboard input to a log file (also known as keylogging).
  • Recording audio input, such as from a microphone.
  • Grabbing screenshots, either at random intervals or when specific triggers are activated (such as visiting a government or bank website).

Due to the massive amount of information that Mahdi collects, as well as its targeting preferences, malware analysts have reason to suspect that Mahdi has official backing from a nation state. While PC users who keep their computers for personal purposes, such as managing bank accounts, may also be threatened by Mahdi, Mahdi's main purpose appears to be to sabotage government agencies, financial firms and similar entities that are critical to the underlying infrastructure of Iran and surrounding nations. Therefore, you should be particularly alert to potential Mahdi attacks and infections if you use a PC on behalf of any of the above entities.

How Mahdi Spreads Its Dreadful Message to Your Mailbox

Mahdi-associated attacks have been ongoing and have spread to at least 800 separate Middle Eastern organizations since December of last year, although some PC security companies have only noted Mahdi in recent months. Distribution for Mahdi is handled by e-mail spam that appears to be targeted very specifically at critical organizations (as noted earlier in this article). The SpywareRemove.com malware research team notes that these spear phishing attacks have been known to use multiple disguises for their file attachments, such as PowerPoint files, Word files or even articles about malware that were stolen from the Daily Beast.

Deleting these e-mails unopened is an excellent defense against Mahdi, although SpywareRemove.com malware researchers also recommend having anti-malware software that can scan file attachments before you try to open them. Despite the risk of Mahdi attacks, Mahdi, like most kinds of spyware, shows no visible symptoms of its activity and is most easily detected by appropriate software.
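As an added illustration of the advice above to check attachments before opening them (example code written for this page, not a SpywareRemove.com tool, and not derived from real Mahdi samples), the following Python triages each attachment of an e-mail by comparing the extension its name claims against the container signature its bytes actually carry, flagging executables and double extensions such as `report.doc.exe`. The message and the attachment bytes are constructed for the example.

```python
import email
from email import policy
from email.message import EmailMessage

# Leading bytes of the container formats behind the lure documents named above, plus the PE header.
SIGNATURES = {
    b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1": "ole2",  # legacy .doc / .ppt / .xls
    b"PK\x03\x04": "zip",                         # OOXML .docx / .pptx (a zip)
    b"MZ": "pe",                                  # Windows executable or DLL
}
OFFICE_EXTENSIONS = {"doc": "ole2", "xls": "ole2", "ppt": "ole2", "pps": "ole2",
                     "docx": "zip", "xlsx": "zip", "pptx": "zip", "ppsx": "zip"}

def sniff(data: bytes) -> str:
    """Identify an attachment by its leading bytes rather than by its name."""
    for magic, kind in SIGNATURES.items():
        if data.startswith(magic):
            return kind
    return "unknown"

def triage_attachment(filename: str, data: bytes) -> dict:
    """Compare what the name claims with what the bytes are; collect warning flags."""
    parts = filename.lower().split(".")
    ext = parts[-1] if len(parts) > 1 else ""
    kind = sniff(data)
    flags = []
    if kind == "pe":
        flags.append("executable payload")
    if ext in OFFICE_EXTENSIONS and OFFICE_EXTENSIONS[ext] != kind:
        flags.append("extension does not match container")
    if len(parts) > 2 and parts[-2] in OFFICE_EXTENSIONS:
        flags.append("double extension")  # e.g. report.doc.exe
    return {"filename": filename, "ext": ext, "kind": kind, "flags": flags}

def triage_message(raw: bytes) -> list:
    """Parse a raw RFC 5322 message and triage every attachment in order."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    return [triage_attachment(part.get_filename() or "", part.get_payload(decode=True) or b"")
            for part in msg.iter_attachments()]

def build_sample_message() -> bytes:
    """Constructed lure-style message: one genuine-looking deck, one executable posing as a document."""
    msg = EmailMessage()
    msg["From"], msg["To"], msg["Subject"] = "sender@example.invalid", "you@example.invalid", "Briefing"
    msg.set_content("Please review the attached briefing.")
    msg.add_attachment(b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1" + b"\x00" * 16, maintype="application",
                       subtype="vnd.ms-powerpoint", filename="briefing.ppt")
    msg.add_attachment(b"MZ\x90\x00" + b"\x00" * 16, maintype="application",
                       subtype="octet-stream", filename="report.doc.exe")
    return msg.as_bytes()
```

Running `triage_message(build_sample_message())` returns one clean verdict for `briefing.ppt` and one for `report.doc.exe` flagged as an executable payload with a double extension.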

One Comment

  • Alicia says:

    When I have a problem such as those fake pop-up threats, I usually ask a friend to re-install my XP, clearing everything in C: and leaving the D: files untouched. I realized that my AVG anti-virus free version is useless on those fake threats. I'm still using it, but I will have a setup of that Microsoft anti-virus on my PC just in case.
