Mahdi – the piece of malware that relies on social engineering to spread throughout the networks of organizations from the Middle East, but also from the United States and Germany – has been improved numerous times in the past few months by its developers.
According to researchers from Seculert, some of the improved versions are undetected by most security firms. It seems that the new variants are designed to evade antivirus detection better than the old ones.
While most of the older versions have been communicating with four command and control (C&C) servers located in Canada, a new variant has been seen communicating with a fifth C&C server housed in the same country.
So far, it’s believed that Mahdi has successfully attacked over 150 organizations worldwide, and judging by the commitment shown by its developers, no one should be surprised if that number increases.