Syrians, Iranians endangered by key-log tricked proxy

Iranians and Syrians who search the web for a popular censorship-evading proxy, ‘Simurgh’, are at risk of downloading a fake, trojanised version of the privacy tool.

Canadian digital and human rights group Citizen Lab last week warned that a fake version of the Iranian ‘Simurgh’ proxy contained a backdoor, which could, by way of a keylogger, lead to the user’s identification.

Green Simurgh (Phoenix) is a free service for Windows PCs that connects to a US IP address and is promoted in Iran as a means to privately bypass the nation’s strict web censorship regime.

Citizen Lab says it became aware of the tricked version of the proxy after Simurgh was circulated amongst internet users from Iran’s troubled regional neighbour, Syria.

Simurgh warns on its official site simrghesabz.net that malicious versions of its proxy software have been found on the popular online storage site 4Shared.

The fake version launches an installer that implants a remote access tool and trojan that silences the ‘click’ navigation sound in Internet Explorer browsers and logs user keystrokes.

“The real software is standalone and does not require installation, which is ideal for people who want to run it from a USB memory stick at cybercafes and other public access points,” says Sophos senior security advisor, Chester Wisniewski.

Citizen Lab’s technical advisor, Morgan Marquis-Boire, said the keystroke logs are sent to a Saudi Arabian ISP; however, Wisniewski clarified that the logs are actually sent to servers hosted in the US that appear to be registered to an entity in Saudi Arabia.

Wherever the logs are going, Citizen Lab’s technical advisor, Morgan Marquis-Boire, points out that the Trojan has clearly defined targets.

“This Trojan has been specifically crafted to target people attempting to evade government censorship. Given the intended purpose of this software, users must be very careful if they have been infected by this Trojan.”
