(LiveHacking.Com) – Symantec is reporting that it has detected a new piece of malware called Narilam which is attacking business databases in Iran. Of course, the existence of such a worm that is attacking the Middle East, and Iran specifically, has drawn parallels with other well documented cyber-attacks on Iran including Stuxnet, Duqu and Flame.
According to Symantec, Narilam is designed to cause chaos by targeting and modifying corporate databases. It does this by attacking Microsoft SQL databases via OLEDB (Object Linking and Embedding, Database) and hunts out SQL databases with three distinct names: alim, maliran, and shahd. It then replaces certain items (including columns called Asnad.LastNo, Asnad.FirstNo and refcheck.amount) in the database with random values.
However the Iranian National Cert “Maher”, is saying that after its initial investigations there seems to be some misunderstanding about the malware. First, it isn’t new malware but old! Iran reckons it has been around since 2010 but under a different name. Secondly, the malware is not a major threat nor is it a sophisticated piece of malware. Thirdly, the malware isn’t that wide spread and it is only able to corrupt the database of a particular accounting package for small businesses.
Maher’s advise is not to panic and only the customers who use that particular accounting software should make sure they have good backups and that they scan their systems regularly with a decent antivirus product.
So who is right? It is difficult to tell. Malware which targets a very specific software product made and predominately used in Iran is very suspect, especially in light of other cyber attacks like Stuxnet, but at the same time if it is old and contains no functionality to steal information from infected systems then its impact will certainly be limited.