Mahdi
Posted: July 18, 2012
Threat Metric
The following fields listed on the Threat Meter containing a specific value, are explained in detail below:
Threat Level: The threat level scale goes from 1 to 10 where 10 is the highest level of severity and 1 is the lowest level of severity. Each specific level is relative to the threat's consistent assessed behaviors collected from SpyHunter's risk assessment model.
Detection Count: The collective number of confirmed and suspected cases of a particular malware threat. The detection count is calculated from infected PCs retrieved from diagnostic and scan log reports generated by SpyHunter.
Volume Count: Similar to the detection count, the Volume Count is specifically based on the number of confirmed and suspected threats infecting systems on a daily basis. High volume counts usually represent a popular threat but may or may not have infected a large number of systems. High detection count threats could lay dormant and have a low volume count. Criteria for Volume Count is relative to a daily detection count.
Trend Path: The Trend Path, utilizing an up arrow, down arrow or equal symbol, represents the level of recent movement of a particular threat. Up arrows represent an increase, down arrows represent a decline and the equal symbol represent no change to a threat's recent movement.
% Impact (Last 7 Days): This demonstrates a 7-day period change in the frequency of a malware threat infecting PCs. The percentage impact correlates directly to the current Trend Path to determine a rise or decline in the percentage.
| Threat Level: | 2/10 |
|---|---|
| Infected PCs: | 62 |
| First Seen: | July 18, 2012 |
|---|---|
| OS(es) Affected: | Windows |
Mahdi (from Arabic, literally: guided one, or more colloquially: messiah) is a form of spyware that appears to be used primarily for sabotaging the infrastructures of Middle Eastern countries, with a special focus on unlucky Iran. Although Mahdi lacks the technical sophistication of similarly-purposed PC threats like Skywiper (also known as Flame), Mahdi is still a significant threat due to its extremely invasive information-stealing functions. PCs in the Middle East are considered at especial risk for Mahdi infections, which are currently distributed by way of mass-mailed e-mail messages with malicious Microsoft Office files. If you have any cause to think that your PC could be or is compromised by Mahdi, SpywareRemove.com malware experts strongly recommend deleting Mahdi quickly with appropriate software before you take additional actions to secure any confidential information that may have been stolen.
Mahdi: Possibly the Very Worst Savior in Computing History
Belying its name, Mahdi is a spyware-based PC threat that only includes various harmful functions. The majority of Mahdi's features are concerned with stealing information or assisting with the transfer of said information by methods such as:
- Recording keyboard input to a log file (also known as keylogging).
- Recording audio input, such as microphones.
- Grabbing screenshots, either at random intervals or when specific triggers are activated (such as visiting a government or bank website).
Due to the massive amount of information that Mahdi collects, as well as its preferences for distribution, malware analysts have reason to suspect that Mahdi has official backing from an independent nation. While PC users who prefer to keep their computers for personal purposes, such as operating bank accounts, may also be threatened by Mahdi, Mahdi's main purpose appears to be to sabotage government agencies, financial firms and similar entities that are critical to the underlying infrastructure of Iran and surrounding nations. Therefore, you should be particularly alert to potential Mahdi attacks and infections if you use a PC for any of the above entities.
How Mahdi Spreads Its Dreadful Message to Your Mailbox
Mahdi-associated attacks have been ongoing and have spread to at least 800 separate Middle Eastern organizations since December of last year, although some PC security companies have only noted Mahdi in recent months. Distribution for Mahdi is handled by e-mail spam that appears to be targeted very specifically at critical organizations (as noted earlier in this article). SpywareRemove.com malware research team notes that these spear phishing attacks have been known to use multiple disguises for their file attachments, such as PowerPoint files, Word files or even malware articles that were stolen from the Daily Beast.
Deleting these e-mails unopened is an excellent defensive to Mahdi, although SpywareRemove.com malware researchers also recommend having anti-malware software that can scan file attachments before you try to open them. In spite of the risk of Mahdi attacks, Mahdi, like most kinds of spyware, doesn't show visible symptoms of its attacks and is easiest detected by appropriate software.
When i have a problem such as those fake pop up thetras i usually question a friend to re-install my XP clearing everything in the C and leaving the D files untouched i realized that my AVG anti-virus free version is useless on those fake thetras im still using it but i will have a setup of that microsoft anti-virus in my PC just in case