Pulse

By GCN Staff

Blog archive
Small businesses in Tehran marketplace

Narilam database malware found in Iran strictly business

Symantec recently identified a database-corrupting piece of malware targeting systems mostly in Iran, but despite early speculation that it could be related to the likes of Stuxnet and Flame, it appears to be targeting small businesses rather than the country’s infrastructure.

The worm, which Symantec calls W32.Narilam, attacks Microsoft SQL Server databases and searches for specific words, some of the written in Persian or Arabic, according to a Symantec blog post.  Narilam then corrupts data, but does not steal anything, according to the blog.

The malware bears some cursory resemblance to Stuxnet, in that it is a worm and spreads via removable drives and network files shares, Symantec said. Stuxnet reportedly was developed as part of a U.S.-led cyber operation and which disrupted Iran’s uranium processing. Other pieces of malware, including Flame and Duqu, also have been identified as coming from the program.

However, Iran’s Computer Emergency Response Team issued a statement calling Narilam unsophisticated and “has no sign of a major threat.” In fact, Iran’s CERT said it had been previously detected in 2010 and targets accounting software developed by an Iranian company used by small businesses.

Symantec said infections weren’t widespread and that the vast majority of infections were in Iran, with a few in the United States and Great Britain.

Researchers at Kaspersky Labs also said they saw no connection between Narilam and Stuxnet, and, considering the low number of reported infections, speculated that the worm is “probably almost extinct.”

Posted by Kevin McCaney on Nov 26, 2012 at 9:39 AM


Featured

  • Defense
    Soldiers from the Old Guard test the second iteration of the Integrated Visual Augmentation System (IVAS) capability set during an exercise at Fort Belvoir, VA in Fall 2019. Photo by Courtney Bacon

    IVAS and the future of defense acquisition

    The Army’s Integrated Visual Augmentation System has been in the works for years, but the potentially multibillion deal could mark a paradigm shift in how the Defense Department buys and leverages technology.

  • Cybersecurity
    Deputy Secretary of Homeland Security Alejandro Mayorkas  (U.S. Coast Guard photo by Petty Officer 3rd Class Lora Ratliff)

    Mayorkas announces cyber 'sprints' on ransomware, ICS, workforce

    The Homeland Security secretary announced a series of focused efforts to address issues around ransomware, critical infrastructure and the agency's workforce that will all be launched in the coming weeks.

Stay Connected