Pulse

By GCN Staff

Blog archive
Small businesses in Tehran marketplace

Narilam database malware found in Iran strictly business

Symantec recently identified a database-corrupting piece of malware targeting systems mostly in Iran, but despite early speculation that it could be related to the likes of Stuxnet and Flame, it appears to be targeting small businesses rather than the country’s infrastructure.

The worm, which Symantec calls W32.Narilam, attacks Microsoft SQL Server databases and searches for specific words, some of the written in Persian or Arabic, according to a Symantec blog post.  Narilam then corrupts data, but does not steal anything, according to the blog.

The malware bears some cursory resemblance to Stuxnet, in that it is a worm and spreads via removable drives and network files shares, Symantec said. Stuxnet reportedly was developed as part of a U.S.-led cyber operation and which disrupted Iran’s uranium processing. Other pieces of malware, including Flame and Duqu, also have been identified as coming from the program.

However, Iran’s Computer Emergency Response Team issued a statement calling Narilam unsophisticated and “has no sign of a major threat.” In fact, Iran’s CERT said it had been previously detected in 2010 and targets accounting software developed by an Iranian company used by small businesses.

Symantec said infections weren’t widespread and that the vast majority of infections were in Iran, with a few in the United States and Great Britain.

Researchers at Kaspersky Labs also said they saw no connection between Narilam and Stuxnet, and, considering the low number of reported infections, speculated that the worm is “probably almost extinct.”

Posted by Kevin McCaney on Nov 26, 2012 at 9:39 AM


Featured

  • Telecommunications
    Stock photo ID: 658810513 By asharkyu

    GSA extends EIS deadline to 2023

    Agencies are getting up to three more years on existing telecom contracts before having to shift to the $50 billion Enterprise Infrastructure Solutions vehicle.

  • Workforce
    Shutterstock image ID: 569172169 By Zenzen

    OMB looks to retrain feds to fill cyber needs

    The federal government is taking steps to fill high-demand, skills-gap positions in tech by retraining employees already working within agencies without a cyber or IT background.

  • Acquisition
    GSA Headquarters (Photo by Rena Schild/Shutterstock)

    GSA to consolidate multiple award schedules

    The General Services Administration plans to consolidate dozens of its buying schedules across product areas including IT and services to reduce duplication.

Stay Connected

Sign up for our newsletter.

I agree to this site's Privacy Policy.