Altered Proxy Spreads Trojan Virus

(Ping! Zine Web Tech Magazine) – Censoring the web activities of citizens is an unfortunately common practice among governments in the Middle East and elsewhere (China included).

Accessing particular websites is commonly prohibited. Meanwhile, those affected have increasingly used alternative methods to bypass imposed restrictions. One way to do so is by using proxy software.

However, a Wednesday report from The Citizen Lab (University of Toronto) indicated that a version of one such proxy solution had been maliciously altered by hackers to spread a trojan virus.

Known as Simurgh, the proxy is commonly used by citizens in countries including Iran and Syria. “The malicious copy will install the Simurgh software, but will also install an undesirable backdoor on the victim’s computer,” commented Morgan Marquis-Boire of the Citizen Lab.

During infection, the software installs binaries in a Windows driver directory and adds a new registry entry. The trojan horse itself is capable of using data mining tactics to steal a victim’s information and remotely reroute it to a web presence registered with a provider in Saudi Arabia.

Meanwhile, the makers of the popular proxy have responded by asking users to download the real version via simurghesabz.net.

The Middle East has recently been in the news for other virus problems. On Tuesday, Kaspersky Lab detailed the presence of a massive computer virus most notably affecting Iran. The security company referred to it as “the most sophisticated cyber weapon yet unleashed” and said it likely originated from a nation state.

 
