Over the past two years, governments in the Middle East have been targeted by sophisticated spying software, apparently created by world-class researchers whom unknown nation-states are paying to target sensitive data and infrastructure. Yet the latest piece of malware successfully spying on banks, government departments, and companies in Iran and nearby countries is almost laughably amateur. Experts believe that the software, called Mahdi, may have been created by activists. This possibility suggests that the United States and other governments fretting about their vulnerability to cyberwar (see "NSA Boss Wants More Control Over the Net") may need to worry about more than just other nations.
"One of my initial reactions was 'Are you kidding?'" says researcher Roel Schouwenberg of the computer security company Kaspersky, referring to the ineptly created malware. Mahdi, which was named by researchers who discovered the program at the Israeli security company Seculert, is bloated, buggy, and written using techniques suggesting that its creators are significantly less talented than those behind Stuxnet, Flame, or Gauss, says Schouwenberg. Those forms of malware, targeted at the Middle East, stunned researchers with their sophistication (see "A Way to Attack Nuclear Plants" and "The Antivirus Era Is Over").
Yet Mahdi has still been effective. Once it has infiltrated a computer, it secretly sends data back to its operators—documents, logs of keystrokes, audio recordings, and screenshots of activities such as a user accessing e-mail. "It has managed to infiltrate companies in the financial sector and critical infrastructure," says Schouwenberg. Other targets include government departments and engineering researchers and students.