Mahdi The “Messiah” (CPSC 620) Akash Mudubagilu Arindam Gupta

Feb 22, 2016

Transcript

Stuxnet

Mahdi The “Messiah” (CPSC 620)
Akash Mudubagilu
Arindam Gupta

Agenda
- Computer Trojan
- Mahdi
- What makes it special
- Mahdi Targets
- Effects
- How to remove
- References

What is a Trojan?
- A Trojan is a program that may appear to be legitimate, but in fact does something malicious.
- Destructive program
- Steals information or harms the system
- Does not replicate

Mahdi
- Also known as Madi
- Data-stealing Trojan
- Attack relies on social engineering techniques to get onto targeted computers.
- Records
  - Keystrokes
  - Screenshots
  - Audio
- Steals text and image files

Contd.
- The following is an email example which included a malicious PowerPoint attachment

Contd.
- In another example, the PowerPoint, when opened, displays a series of video stills showing a missile destroying a jet plane

What makes it special?
- Reference in the code to the word for the Islamic Messiah.
- Use of Farsi language.
- Persian calendar format.
- It can update itself.
- The creators are still at work
- Always takes latest code definition.

Contd.
- Communicates with command-and-control server
  - Uploads stolen data
  - Gets instructions from the server

Mahdi targets
- Critical infrastructure firms
- Engineering students
- Financial services firms
- Government embassies located in Middle Eastern countries, with the majority of the infections in Iran.
- Has also been found in countries like the United States and New Zealand.

Mahdi Infections

Effects
- Google and Yahoo searches are redirected.
- Desktop background image and browser homepage settings changed.
- Slows down the computer considerably.
- Will get unwanted pop-ups.
- Also corrupts Windows registry and uses it to deploy annoying pop-ups.
- Large amount of data uploaded.
- Might make the internet connection slow.
- Uploads sensitive information to server.

How to Remove

Auto-Removal
- System Restore.
- Install a tool to remove the malware.

Manual Removal
- Stop Mahdi process from Task Manager.
- Uninstall Mahdi from Control Panel, Add/Remove programs.
- Open Windows registry, find and remove all Mahdi registry files.
- Delete all Mahdi related files from the computer.

References
- http://news.cnet.com/8301-1009_3-57503949-83/a-whos-who-of-mideast-targeted-malware/
- http://news.cnet.com/8301-1009_3-57474405-83/mahdi-messiah-malware-targeted-israel-iran-pcs/
- http://blog.seculert.com/2012/07/mahdi-cyberwar-savior.html
- http://www.symantec.com/connect/blogs/madi-attacks-series-social-engineering-campaigns
- http://www.nextgov.com/cybersecurity/2012/08/mahdi-spyware-operation-broadens-middle-east/57761/?oref=ng-channelriver
- http://www.reuters.com/article/2012/08/29/us-cybersecurity-middleeast-idUSBRE87S0EK20120829
