A computer trojan controlled by servers in Iran that has been targeting energy companies and government agencies has infected computers in New Zealand, security company Symantec says.

The Madi trojan was first found in December and is designed to steal files and secretly capture victims' keystrokes.

Symantec said that while three- quarters of the infections it had detected had been in Israel and Saudi Arabia, 7 per cent of the infections had been in New Zealand.

However, sources said that while the New Zealand infection rate sounded high, Symantec was working off a small sample and that might translate into only two infected machines. It was possible these might even be owned by researchers studying the trojan.

Israeli security firm Seculert said it had detected 800 infections but did not identify New Zealand as having been a target, saying instead that most of the victims appeared to be in Iran.

"Targets of the Madi campaign... include oil companies, US-based think-tanks, a foreign consulate, as well as various governmental agencies, including some in the energy sector," Symantec said in its advisory.

The National Cyber Security Centre, established by the Government last year, could not make official comment.

Symantec said it had observed Madi communicating with "command-and-control servers" hosted in Iran and, more recently, Azerbaijan.

Madi used "social engineering" techniques to trick people into opening infected files, which "might suggest the involvement of a nation state".

However, Symantec said it appeared to be the work of "an unknown Farsi-speaking hacker with a broad agenda".

Do you know anyone affected by the Madi trojan? Comment below.

- © Fairfax NZ News

Comments