New Malware Targeting SQL Db's In Iran

Nov 23, 2012 | comments

iran malware
Security firm Symantec has discovered a specialised worm called W32.Narilam that can compromise SQL databases. Symantec reports that the malware "speaks" Persian and Arabic and appears to target mainly companies in Iran. Narilam is, therefore, reminiscent of Stuxnet and its variants.

Narilam spreads via USB flash drives and network shares. Once inside the system, the worm searches for SQL databases that are accessible via the Object Linking and Embedding Database (OLEDB) API. Rather than steal found target data for intelligence purposes, the worm proceeds to modify or delete the data and can, says Symantec, cause considerable damage. Stuxnet similarly served no intelligence purpose and was designed to sabotage its target – an uranium enrichment facility in Natanz, Iran.
 
**Narilam affects almost exclusively "corporate users"**
 

The purpose of Narilam, or that of the worm's authors, remains unknown. However, Symantec says that its analysis suggest that the saboteurs appear to have targeted corporate data records. 

Apparently, the worm's translated instructions include object names such as "sale", "financial bond" and "current account". Due to the malware's level of specialisation, Symantec rates the infection risk as low. The security firm notes that current analysis results indicate "that the vast majority of users impacted by this threat are corporate users."

Some of the worm was written in the Delphi programming language. Symantec says that the worm takes its name from its own attributes, because it searches for SQL databases with three specific names: alim, shahd and maliran. 
Source: Symantec 
Share this article :

Post a Comment

I'm certainly not an expert, but I'll try my hardest to explain what I do know and research what I don't know. Be sure to check back again , after moderation i do make every effort to reply to your comments .

 
Support : INDIATRIKS
Copyright © 2011. INDIATRIKS - All Rights Reserved
Template Edited By Indiatriks
Proudly Powered By Blogger