Posted: July 18, 2012

Mahdi Description

Mahdi (from Arabic, literally: guided one, or more colloquially: messiah) is a form of spyware that appears to be used primarily for sabotaging the infrastructures of Middle Eastern countries, with a special focus on unlucky Iran. Although Mahdi lacks the technical sophistication of similarly-purposed PC threats like Skywiper (also known as Flame), Mahdi is still a significant threat due to its extremely invasive information-stealing functions. PCs in the Middle East are considered at particular risk for Mahdi infections, which are currently distributed by way of mass-mailed e-mail messages carrying malicious Microsoft Office files. If you have any reason to think that your PC is or could be compromised by Mahdi, malware experts strongly recommend deleting Mahdi quickly with appropriate software before you take additional actions to secure any confidential information that may have been stolen.

Mahdi: Possibly the Very Worst Savior in Computing History

Belying its name, Mahdi is a spyware-based PC threat that includes only harmful functions. The majority of Mahdi's features are concerned with stealing information or assisting with the transfer of that information by methods such as:

  • Recording keyboard input to a log file (also known as keylogging).
  • Recording audio input, such as from a microphone.
  • Grabbing screenshots, either at random intervals or when specific triggers are activated (such as visiting a government or bank website).

Due to the massive amount of information that Mahdi collects, as well as its preferences in distribution, malware analysts have reason to suspect that Mahdi has the backing of a nation-state. While PC users who use their computers for personal purposes, such as managing bank accounts, may also be threatened by Mahdi, Mahdi's main purpose appears to be to sabotage government agencies, financial firms and similar entities that are critical to the underlying infrastructure of Iran and surrounding nations. Therefore, you should be particularly alert to potential Mahdi attacks and infections if you use a PC at any such organization.

How Mahdi Spreads Its Dreadful Message to Your Mailbox

Mahdi-associated attacks have been ongoing since December of last year and have spread to at least 800 separate Middle Eastern organizations, although some PC security companies have only noted Mahdi in recent months. Distribution for Mahdi is handled by e-mail spam that appears to be targeted very specifically at critical organizations (as noted earlier in this article). The malware research team notes that these spear phishing attacks have been known to use multiple disguises for their file attachments, such as PowerPoint files, Word files or even articles about malware that were stolen from the Daily Beast.

Deleting these e-mails unopened is an excellent defense against Mahdi, although malware researchers also recommend having anti-malware software that can scan file attachments before you try to open them. Despite the risk it poses, Mahdi, like most kinds of spyware, shows no visible symptoms of its attacks and is most easily detected by appropriate software.
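The two paragraphs above describe the delivery path (spear-phishing e-mail with a disguised Office attachment) and the defense (scan attachments before opening). The following is an added example, not code from the original article or from any product it mentions, of the kind of attachment triage a mail gateway or analyst script can apply: it checks each attachment's declared extension against the magic bytes of the container a genuine Office document uses, and blocks executables, including those hidden behind an Office double extension. The sample message, its file names and the verdict strings are constructed for this example; it relies only on Python's standard `email` module.

```python
import email
from email import policy
from email.message import EmailMessage

# Extensions an attacker is likely to imitate, and extensions that should never arrive by mail.
OFFICE_EXTENSIONS = {".doc", ".docx", ".xls", ".xlsx", ".ppt", ".pptx", ".pps", ".ppsx"}
EXECUTABLE_EXTENSIONS = {".exe", ".scr", ".com", ".pif", ".bat", ".cmd"}

# Leading bytes of the containers real Office files use, and of a Windows executable.
OLE2_MAGIC = b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1"   # legacy .doc/.xls/.ppt (OLE2 compound file)
ZIP_MAGIC = b"PK\x03\x04"                          # OOXML .docx/.xlsx/.pptx (ZIP container)
PE_MAGIC = b"MZ"                                   # PE executable


def split_extensions(filename):
    """Return every dotted suffix, lower-cased: 'brief.pps.exe' -> ['.pps', '.exe']."""
    parts = filename.lower().split(".")
    return ["." + p for p in parts[1:]]


def assess_attachment(filename, data):
    """Classify one attachment by name and content; verdict strings are constructed for this example."""
    exts = split_extensions(filename)
    last = exts[-1] if exts else ""

    if last in EXECUTABLE_EXTENSIONS:
        # An Office extension in front of the real one is the classic disguise.
        if any(e in OFFICE_EXTENSIONS for e in exts[:-1]):
            return "block: executable disguised with Office double extension"
        return "block: executable attachment"

    if last in OFFICE_EXTENSIONS:
        # The bytes must match an Office container, whatever the name claims.
        if data.startswith(PE_MAGIC):
            return "block: executable bytes under Office extension"
        if not (data.startswith(OLE2_MAGIC) or data.startswith(ZIP_MAGIC)):
            return "suspicious: Office extension but unrecognised container"
        return "scan: Office document, scan before opening"

    return "scan: other attachment"


def scan_message(raw_bytes):
    """Parse a raw RFC 822 message and return (filename, verdict) for every attachment."""
    msg = email.message_from_bytes(raw_bytes, policy=policy.default)
    findings = []
    for part in msg.iter_attachments():
        name = part.get_filename() or "<unnamed>"
        data = part.get_payload(decode=True) or b""
        findings.append((name, assess_attachment(name, data)))
    return findings


def build_sample_message():
    """Constructed spear-phishing style message with three attachments of differing honesty."""
    msg = EmailMessage()
    msg["From"] = "sender@example.invalid"
    msg["To"] = "analyst@example.invalid"
    msg["Subject"] = "Briefing for review"
    msg.set_content("Please see the attached files.")
    # 1. executable hidden behind a PowerPoint double extension
    msg.add_attachment(PE_MAGIC + b"\x90" * 62, maintype="application",
                       subtype="octet-stream", filename="briefing.pps.exe")
    # 2. named as a Word document, but the bytes are an executable
    msg.add_attachment(PE_MAGIC + b"\x00" * 62, maintype="application",
                       subtype="msword", filename="article.doc")
    # 3. a genuine-looking OOXML container
    msg.add_attachment(ZIP_MAGIC + b"\x00" * 28, maintype="application",
                       subtype="vnd.openxmlformats-officedocument.wordprocessingml.document",
                       filename="notes.docx")
    return msg.as_bytes()


if __name__ == "__main__":
    for name, verdict in scan_message(build_sample_message()):
        print(f"{name:20s} {verdict}")
```

The magic-byte check is deliberately narrow: it only confirms that the bytes are the container a real Office file would use, so a genuine document still gets the "scan" verdict rather than a pass, which is the point the article makes about letting anti-malware software inspect attachments before they are opened.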

Use SpyHunter to Detect and Remove PC Threats

If you are concerned that malware or PC threats similar to Mahdi may have infected your computer, we recommend you start an in-depth system scan with SpyHunter. SpyHunter is an advanced malware protection and remediation application that offers subscribers a comprehensive method for protecting PCs from malware, in addition to providing one-on-one technical support service.


Why can't I open any program including SpyHunter? You may have a malware file running in memory that kills any programs that you try to launch on your PC. Tip: Download SpyHunter from a clean computer, copy it to a USB thumb drive, DVD or CD, then install it on the infected PC and run SpyHunter's malware scanner.
