Seculert: Security company that found Mahdi Trojan gets fresh funding

The security company has recently closed a funding round which it will use to add to its workforce - with new recruits potentially facing a very interesting job interview
Written by David Shamah, Contributor

Israeli security company Seculert has closed a $5.35m round of financing.

The funding, announced last week, will be used to expand Seculert's workforce (currently it has 15 employees, all doing R&D or database work), as the company is "finding that demand for what we offer has grown steadily, and significantly in recent months," Seculert CEO Dudi Matot said.

Those hoping to join the company could face an interesting job interview: Seculert sponsors a "malware reverse engineering challenge," in which candidates are presented with a malware sample, then asked to reverse engineer it, discovering how it infects systems, and how it communicates with a command and control server.

Those who succeed at the challenge get 1,000 Israeli shekels (about $240) and an iPad or Galaxy Tab – plus a chance to work at Seculert, according to Matot. "Those are the kind of people who are making Seculert everything we want it to be," he added.

Seculert provides an automatic detection system for malware on all devices both inside, and connecting to, a particular network.

"We are completely agnostic when it comes to devices," Matot said. "We can ferret out malware in anything that is on the network, whether it's PCs, laptops, iPads, printers, and so on. That includes anything that connects from outside the network, like from a vendor or an employee working at home, or from a remote office. Everything is done in the cloud, and there is no need to install anything."

Seculert keeps track of the IP traffic, comparing suspicious-looking transmissions with its database of malware, culled from all over the internet, as well as from the security partners it works with.

Customers log onto a secure dashboard, which shows any problems they should be concerned about, and where they are on the network. Seculert can also analyse log files from existing security or monitoring systems and add those results to the dashboard.

Among the threats on Seculert's radar is the <a href="https://www.zdnet.com/religious-themed-madi-malware-hitting-select-targets-in-iran-israel-7000001058/">Mahdi (or Madi) Trojan</a>. Although officially outed by Kaspersky this week, Mahdi was in fact discovered by Seculert researchers last December.

Mahdi apparently shares some elements with the Flame Trojan, which surfaced earlier this year. Just like Flame, Mahdi has several components that can record video, audio, and keystrokes, and can be updated remotely.

However, Mahdi appears to be far less sophisticated than Flame: in one of its permutations, for example, users are asked to click on what appears to be a JPEG but is really an executable .scr file, a trick many users are likely to spot.

The Trojan, which has affected computers in the Middle East and beyond, appears to be targeting Israeli users, with the messages it carries written in (very poorly written) Hebrew.

The Trojan is attached to an innocent-looking document, PowerPoint presentation, JPEG, or video, and contains screenshots, slides, and text on religious themes, nuclear war and "Israeli cruelty" to the Palestinians, according to Kaspersky.

The Madi Trojan may or may not have been designed in Iran: it apparently includes strings in Farsi as well as dates in the Persian calendar format.

"[Madi's] Targets like Iran, Israel, and Saudi Arabia might suggest involvement of a nation state, however our research has not found evidence that this is the case. Instead, the current research indicates these attacks are being conducted by an unknown Farsi-speaking hacker with a broad agenda," Symantec wrote in a blog on Wednesday.

When it was first discovered, "the malware communicated with... [a] server located in Tehran, Iran," although the command and control server it is connected to has apparently moved elsewhere, Seculert said in a blog post on Tuesday.

Research on Mahdi will continue, thanks in part to Seculert's new funding round.

Screenshot of the Mahdi Trojan in action. Image credit: Kaspersky