Mahdi spyware operation broadens in the Middle East


Developers of malware have tweaked code to evade anti-virus programs.

A spyware operation targeting Iran and other parts of the Middle East has broadened as developers of the Mahdi trojan have changed its code to evade detection by anti-virus programs, Reuters reports.

The malware monitors emails and gives remote players access to files on computers. It can also log keystrokes and capture screenshots.

Security researchers put the spyware in the spotlight last month. Since then, Israeli security company Seculert said that it has identified about 150 new Mahdi victims over the past six weeks and that the malware's code has been altered, making it trickier for anti-virus software to detect, according to the report.

Mahdi targets include critical infrastructure firms, engineering students, financial services firms and government embassies located in Middle Eastern countries, with the majority of the infections in Iran, according to Seculert and Moscow-based anti-virus company Kaspersky Lab, which also collaborated in efforts to analyze Mahdi.

Mahdi is believed to be a less sophisticated and less professional campaign than the Stuxnet operation, which targeted Iran's nuclear program in 2010. It is unclear who launched the virus and how closely the players are connected with state entities.