{"id":5245,"date":"2012-06-02T21:30:35","date_gmt":"2012-06-03T01:30:35","guid":{"rendered":"https:\/\/1001harf.com\/W3\/?p=5245"},"modified":"2012-06-02T21:32:59","modified_gmt":"2012-06-03T01:32:59","slug":"iranian-anti-censorship-tool-laced-with-spy-malware","status":"publish","type":"post","link":"https:\/\/1001harf.com\/iranian-anti-censorship-tool-laced-with-spy-malware\/","title":{"rendered":"Iranian anti-censorship tool laced with spy malware"},"content":{"rendered":"

\"\"<\/a>A popular Iranian tool used to dodge state censorship turns out to have a hidden code, which records every window click and keystroke and forwards it to a Saudi Arabian-registered server.
\nThe Simurgh program is a lightweight proxy tool, which hides an internet user\u2019s location and makes him or her appear to reside in a different country. It is popular among Iranian liberal youth to hide their identity and access pages, which are otherwise not available in the Islamic Republic due to state restrictions.
\nHowever, apparently the program\u2019s popularity drew unwanted attention. Unknown criminals added malicious code to the original and distributed the fraudulent version through file-sharing sites.
\nThe malware implanted into Simurgh is logging users\u2019 online activity, reports CitizenLab.org website. It records every mouse click and keystroke, as well as some details about the computer running the program and sends the data to a server located in the US. The server appears to be registered to an entity in Saudi Arabia.
\nThe malware is nowhere near in its complexity to the infamous Flame virus, which made headlines recently. Such keyloggers are often used by cyber criminals to steal their victims\u2019 personal data, like credit card numbers or bank account passwords. The fact that most popular anti-virus tools can detect and quarantine the malicious code indicates the low level of the people behind it.
\nThe producer of the original Simurgh tool is now notifying users about the malicious version of their software through their website. The program now also checks for possible security compromise when it is launched and puts up a warning in a splash window, if the malware is detected.<\/p>\n","protected":false},"excerpt":{"rendered":"

A popular Iranian tool used to dodge state censorship turns out to have a hidden code, which records every window click and keystroke and forwards it to a Saudi Arabian-registered … Read More<\/a><\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":[],"categories":[11],"tags":[289,2232,25,2234,2235],"_links":{"self":[{"href":"https:\/\/1001harf.com\/wp-json\/wp\/v2\/posts\/5245"}],"collection":[{"href":"https:\/\/1001harf.com\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/1001harf.com\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/1001harf.com\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/1001harf.com\/wp-json\/wp\/v2\/comments?post=5245"}],"version-history":[{"count":0,"href":"https:\/\/1001harf.com\/wp-json\/wp\/v2\/posts\/5245\/revisions"}],"wp:attachment":[{"href":"https:\/\/1001harf.com\/wp-json\/wp\/v2\/media?parent=5245"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/1001harf.com\/wp-json\/wp\/v2\/categories?post=5245"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/1001harf.com\/wp-json\/wp\/v2\/tags?post=5245"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}