Monday, November 26, 2012

Symantec experts find SQL virus aimed at Iran

The virus, found in the wild, has been given the internal designation W32.Narilam

The company announced the discovery of a new virus that targets Iranian computer systems and the databases within them.

Reports of the virus first appeared on November 15, and Symantec rated it as a low-level threat. More interesting was the data on where Narilam was detected: most copies were found in Iran, with isolated cases of infection reported in the UK, the continental U.S. and Alaska.

It is noteworthy that Narilam has many similarities with the infamous Stuxnet virus, which led to a large-scale man-made disaster at a uranium enrichment plant in Iran. Like Stuxnet, which disrupted enrichment centrifuges by implanting code in their control program, Narilam is a worm that spreads through removable drives and network shares.

When Narilam lands on a victim's machine, it first looks for Microsoft SQL databases. It searches these databases for certain keywords, including words in Persian (Farsi), the official language of Iran. The virus replaces the items it finds with randomly generated values or destroys certain data fields. In particular, it searches for and replaces words such as 'hesabjari' (current account), 'pasandaz' (account balance) and 'asnad' (debts).

As Shunichi Imano, one of the first researchers to study Narilam, wrote on the official blog, the virus in its current form contains no tools for stealing information from infected systems. In Imano's assessment, the virus was created specifically to damage certain databases. Given the type of data the virus searches for, its authors wanted to harm corporate systems for order management, accounting and customer relationship management.

Judging from the available data, Narilam is unlikely to bring any benefit to home users, such as a random increase in an account balance or the destruction of records of bank debt. At the same time, Narilam can be a serious threat to companies that use SQL databases (especially Microsoft SQL Server) but do not always back them up.

