'Madi' Cyber Espionage Malware Hits Middle East Targets 45
DavidGilbert99 writes "Following the discovery of the highly-complex Flame virus in May, two security companies (Seculert and Kaspersky Lab) have uncovered a new cyber-espionage threat against the Middle East. Madi, or Madhi, is an information-stealing trojan which is technically a lot simpler than Flame or Stuxnet but is specifically targeting people in critical infrastructure companies, financial services and government embassies, which are mainly located in Iran, Israel and Afghanistan. The Madi creators use social engineering techniques to spread, embedding the malware in various documents including text files and PowerPoint presentations. It is unclear if the malware is state-sponsored or not, but it has already stolen several gigabytes of information and is still active."
Text files? Go on.... (Score:3, Interesting)
"embedding the malware in various documents including text files"
I assume they mean word-processing or other "not quite plain text" files, or perhaps "text files that are really textual representations of computer instructions" e.g. text files that embed macros that are interpreted by the text-processing software.
While it's theoretically possible for a carefully-crafted plain-text file to exploit a security vulnerability in a particular text-processing program, it would have to be a narrowly targeted attack and it would be easily defeated by now-alert customers who simply change to a different text-processing program.
It's also theoretically possible that there is an exploit in the text-handing APIs of the operating environment in use by the intended targets.