Pulse

By GCN Staff

Blog archive
Small businesses in Tehran marketplace

Narilam database malware found in Iran strictly business

Symantec recently identified a database-corrupting piece of malware targeting systems mostly in Iran, but despite early speculation that it could be related to the likes of Stuxnet and Flame, it appears to be targeting small businesses rather than the country’s infrastructure.

The worm, which Symantec calls W32.Narilam, attacks Microsoft SQL Server databases and searches for specific words, some of the written in Persian or Arabic, according to a Symantec blog post.  Narilam then corrupts data, but does not steal anything, according to the blog.

The malware bears some cursory resemblance to Stuxnet, in that it is a worm and spreads via removable drives and network files shares, Symantec said. Stuxnet reportedly was developed as part of a U.S.-led cyber operation and which disrupted Iran’s uranium processing. Other pieces of malware, including Flame and Duqu, also have been identified as coming from the program.

However, Iran’s Computer Emergency Response Team issued a statement calling Narilam unsophisticated and “has no sign of a major threat.” In fact, Iran’s CERT said it had been previously detected in 2010 and targets accounting software developed by an Iranian company used by small businesses.

Symantec said infections weren’t widespread and that the vast majority of infections were in Iran, with a few in the United States and Great Britain.

Researchers at Kaspersky Labs also said they saw no connection between Narilam and Stuxnet, and, considering the low number of reported infections, speculated that the worm is “probably almost extinct.”

Posted by Kevin McCaney on Nov 26, 2012 at 9:39 AM


Featured

  • Congress
    Rep. Jim Langevin (D-R.I.) at the Hack the Capitol conference Sept. 20, 2018

    Jim Langevin's view from the Hill

    As chairman of of the Intelligence and Emerging Threats and Capabilities subcommittee of the House Armed Services Committe and a member of the House Homeland Security Committee, Rhode Island Democrat Jim Langevin is one of the most influential voices on cybersecurity in Congress.

  • Comment
    Pilot Class. The author and Barbie Flowers are first row third and second from right, respectively.

    How VA is disrupting tech delivery

    A former Digital Service specialist at the Department of Veterans Affairs explains efforts to transition government from a legacy "project" approach to a more user-centered "product" method.

Stay Connected

Sign up for our newsletter.

I agree to this site's Privacy Policy.