Skip to main content

Worm manipulates databases in Iran

posted onNovember 26, 2012
by l33tdawg

Security firm Symantec has discovered a specialised worm called W32.Narilam that can compromise SQL databases. Symantec reports that the malware "speaks" Persian and Arabic and appears to target mainly companies in Iran. Narilam is, therefore, reminiscent of Stuxnet and its variants.

Narilam spreads via USB flash drives and network shares. Once inside the system, the worm searches for SQL databases that are accessible via the Object Linking and Embedding Database (OLEDB) API. Rather than steal found target data for intelligence purposes, the worm proceeds to modify or delete the data and can, says Symantec, cause considerable damage. Stuxnet similarly served no intelligence purpose and was designed to sabotage its target – an uranium enrichment facility in Natanz, Iran.

Source

Tags

Iran Viruses & Malware

You May Also Like

Recent News

Tuesday, November 19th

Friday, November 8th

Friday, November 1st

Tuesday, July 9th

Wednesday, July 3rd

Friday, June 28th

Thursday, June 27th

Thursday, June 13th

Wednesday, June 12th

Tuesday, June 11th