0 Persons
26 November 2012 - 12:55

IDG News Service - Symantec had spotted another odd piece of malware that appears to be targeting Iran and is designed to meddle with SQL databases.

The company discovered the malware, called W32.Narilam on Nov 15. Narilam is rated as a "low risk" by the company, but according to a map, the majority of infections are concentrated in Iran, with a few in the UK, the continental US and the state of Alaska, Computerworld reported.

Interestingly, Narilam shares some similarities with Stuxnet, the malware targeted at Iran's uranium refinement capabilities. Like Stuxnet, Narilam is also a worm, spreading through removable drives and network file shares, Imano wrote.

Once on a machine, it looks for Microsoft SQL databases. It then hunts for specific words in the SQL database -- some of which are in Persian, Iran's main language -- and replaces items in the database with random values or deletes certain fields.

Some of the words include "hesabjari," which means current account; "pasandaz," which means savings; and "asnad," which means financial bond, Imano wrote.

"The malware does not have any functionality to steal information from the infected system and appears to be programmed specifically to damage the data held within the targeted database," Imano wrote. "Given the types of objects that the threat searches for, the targeted databases seem to be related to ordering, accounting, or customer management systems belonging to corporations."

Stuxnet is widely believed to have been created by the US and Israel with the intent of slowing down Iran's peaceful nuclear program. It was defused by Iranian experts.
isna/281

News ID 183475