Many Iranians use a free encrypted proxy tool called Simurgh. It is also being adopted by anti-government groups in Syria, interested in concealing their online activities. Trojanized versions have been appearing on file sharing sites for quite some time. Sophos Anti-Virus proactively detected the malicious version as HIPS/RegMod-012 for customers who have our Host Intrusion Prevention System (HIPS) enabled. It attempts to submit these logs to some servers located in the United States, but registered to an entity that appears to be based in Saudi Arabia.”]
Source: https://nakedsecurity.sophos.com/2012/05/29/spying-trojan-targets-iranian-web-surfers-dissidents/