Syrians, Iranians endangered by key-log tricked proxy

Iranians and Syrians that search the web for a popular censorship evading proxy, ‘Simurgh’, are at risk of downloading a fake, trojanised version of the privacy tool.
By Liam Tung (CSO Online), 30 May 2012 11:36

Canadian digital and human rights group Citizen Lab last week warned that a fake version of the Iranian ‘Simurgh’ proxy contains a backdoor which, by way of a keylogger, could lead to the user’s identification.

Green Simurgh (Phoenix) is a free service for Windows PCs that connects to a US IP address and is promoted in Iran as a means of privately bypassing the nation’s strict web censorship regime.

Citizen Lab says it became aware of the tampered version of the proxy after Simurgh was circulated among internet users in Iran’s troubled regional neighbour, Syria.

Simurgh warns on its official site that malicious versions of its proxy software have been found on the popular online storage site 4Shared.

The fake version launches an installer that implants a remote access tool and trojan, which silences the ‘click’ navigation sound in Internet Explorer and logs the user’s keystrokes.
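Two checks a practitioner might run on a machine where a Simurgh download is suspect, written here as an added example in Python; this is not code from the article, from Citizen Lab or from the Simurgh project. The first verifies a downloaded file against a SHA-256 digest obtained out of band (for instance from the official site); the article prints no hash, so the sample below hashes a constructed byte string. The second scans an exported Windows registry fragment for the Internet Explorer navigation click having been blanked. The article says only that the trojan silences that sound, so the assumption here is that it does so by clearing the default value of `HKEY_CURRENT_USER\AppEvents\Schemes\Apps\Explorer\Navigating\.Current`, the key that normally names the WAV file Windows plays on navigation; the registry text is constructed, not captured from an infected machine.

```python
"""Added example: out-of-band hash check for a downloaded tool, plus a
scan of a .reg export for the IE navigation click being silenced.
The registry mechanism is an assumption, not something the article states."""
import hashlib
import re

# Assumed location of the navigation click sound; its default value ("@")
# holds the WAV path, and an empty string means no sound is played.
NAV_KEY = r"HKEY_CURRENT_USER\AppEvents\Schemes\Apps\Explorer\Navigating\.Current"

# Constructed .reg exports: what a clean machine and a silenced one might look like.
CLEAN_EXPORT = r"""Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\AppEvents\Schemes\Apps\Explorer\Navigating\.Current]
@="C:\\Windows\\media\\Windows Navigation Start.wav"
"""

SILENCED_EXPORT = r"""Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\AppEvents\Schemes\Apps\Explorer\Navigating\.Current]
@=""
"""

# Constructed stand-in for the downloaded proxy binary.
SAMPLE_DOWNLOAD = b"MZ\x90\x00constructed-stand-in-for-simurgh.exe"

_VALUE_RE = re.compile(r'^(@|"(?:[^"\\]|\\.)*")=(.*)$')


def sha256_hex(data):
    """Hex SHA-256 of a byte string."""
    return hashlib.sha256(data).hexdigest()


def verify_download(data, expected_sha256):
    """True only if the file hashes to the digest obtained out of band."""
    return hashlib.sha256(data).hexdigest().lower() == expected_sha256.strip().lower()


def parse_reg_export(text):
    """Return {key_path: {value_name: data}} from a .reg-style export.
    Handles only string values, which is all this check needs."""
    keys = {}
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";") or line.startswith("Windows Registry"):
            continue
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1]
            keys.setdefault(current, {})
            continue
        m = _VALUE_RE.match(line)
        if m is None or current is None:
            continue
        name = "@" if m.group(1) == "@" else m.group(1)[1:-1]
        data = m.group(2)
        if len(data) >= 2 and data.startswith('"') and data.endswith('"'):
            data = data[1:-1].replace("\\\\", "\\")
        keys[current][name] = data
    return keys


def navigation_click_silenced(reg_text):
    """True if the navigation sound value is present but empty,
    False if it names a file, None if the key is absent from the export."""
    values = parse_reg_export(reg_text).get(NAV_KEY)
    if values is None:
        return None
    return values.get("@", "").strip() == ""


if __name__ == "__main__":
    known_good = sha256_hex(SAMPLE_DOWNLOAD)  # in practice: copied from the official site
    print("download matches out-of-band hash:", verify_download(SAMPLE_DOWNLOAD, known_good))
    print("clean export silenced:", navigation_click_silenced(CLEAN_EXPORT))
    print("silenced export silenced:", navigation_click_silenced(SILENCED_EXPORT))
```

A registry export for the scan can be produced on the machine under examination with `reg export "HKCU\AppEvents\Schemes\Apps\Explorer\Navigating" nav.reg`; a silenced value is only a lead, since a user can legitimately turn the sound off, and the hash check is the stronger of the two because it does not depend on how the trojan behaves once installed.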

“The real software is standalone and does not require installation, which is ideal for people who want to run it from a USB memory stick at cybercafes and other public access points,” says Sophos senior security advisor, Chester Wisniewski.

Citizen Lab’s technical advisor, Morgan Marquis-Boire, said the keystroke logs are sent to a Saudi Arabian ISP. Wisniewski clarified that the logs are actually sent to servers hosted in the US that appear to be registered to an entity in Saudi Arabia.

Wherever the data is going, Marquis-Boire points out that the trojan has clearly defined targets.

“This Trojan has been specifically crafted to target people attempting to evade government censorship. Given the intended purpose of this software, users must be very careful if they have been infected by this Trojan.”

I’m dating myself, but I remember when holiday shopping involved pouring through ads in the Sunday paper, placing actual phone calls from tethered land lines to research product stock and availability, and actually driving places to pick things up. Now, holiday shoppers can do all of that from a smartphone or tablet in a few seconds, but there are some security pitfalls to be aware of.