Friday, November 23, 2012

Narilam - new worm aimed at Iran

Narilam is a worm that spreads through removable storage devices and resources available in the network to infect databases SQL.

Symantec discovered a new malicious program Narilam, which aims mainly at Iran's computer systems and uses its data base of the SQL.

The researchers found that Narilam has some similarities to the virus Stuxnet, which was used in an attack on Iran's industries. Like Stuxnet, Narilam is a worm that spreads through removable drives and shared network resources.

When Narilam enters the system, it will search the database Microsoft SQL. After their discovery the virus searches for certain words, most of them in Persian. Subsequently malware replaces elements in a database with random values ​​or remove specific field.

"The functions of the malicious program does not include the theft of information from infected systems, and possibly a virus programmed specifically to damage the data stored in the target database," - says the company Symantec Shunichi Imano.

The expert notes that Narilam targets the databases associated with the orders, accounting, or systems that manage customer information.

It is noteworthy that the virus is not used in the attacks on the home user. It can create some problems for those companies that use SQL databases without making backups.

"The victim organization is likely to face serious disruption and financial losses in the recovery database," - noted in Symantec.


No comments:

Post a Comment