Symantec warns of malware targeting SQL databases - pursellthempailoved

Symantec has patched another odd piece of malware that appears to be targeting Iran and is designed to meddle with SQL databases.

The company discovered the malware, known as W32.Narilam, along Nov 15 but on Friday published a more detailed writeup away Shunichi Imano. Narilam is rated as a "low chance" by the company, simply according to a map, the majority of infections are concentrated in Iran, with a few in the U.K., the geographical area U.S., and the state of Last Frontier.

Interestingly, Narilam shares some similarities with Stuxnet, the malware targeted at Persia that disrupted its uranium culture capabilities aside interfering with industrial software that ran its centrifuges. Like Stuxnet, Narilam is also a worm, spreading through removable drives and mesh file shares, Imano wrote.

Once on a political machine, it looks for Microsoft SQL databases. It then hunts for specific language in the SQL database—any of which are in Persian, Iran's main language—and replaces items in the database with random values or deletes certain fields.

Any of the words include "hesabjari," which means occurrent account; "pasandaz," which means savings; and "asnad," which agency financial bail, Imano wrote.

"The malware does non have any functionality to steal information from the infected system and appears to be programmed specifically to damage the data held within the targeted database," Imano wrote. "Given the types of objects that the terror searches for, the targeted databases seem to make up associated ordering, accounting, or customer management systems belonging to corporations."

Consumers not targeted

The types of databases sought aside Narilam are farfetched to represent employed by home users. But Narilam could be a headache for companies that consumption SQL databases simply practice not go along backups.

"The affected constitution leave likely suffer significant gap and even financial expiration piece restoring the database," Imano wrote. "As the malware is aimed at sabotaging the affected database and does not make a copy of the pilot database offse, those affected aside this threat will have a long road to recovery ahead of them."

Stuxnet is widely believed to deliver been created by the U.S. and Israel with the intent of slowing down Iran's nuclear program. Since its discovery in June 2010, researchers have linked it to other malware including Duqu and Fire, indicating a long-operative espionage and sabotage effort that has prompted concern over escalating cyberconflict betwixt nations.

Direct news tips and comments to jeremy_kirk@idg.com. Follow ME on Twitter: @jeremy_kirk

Source: https://www.pcworld.com/article/455774/symantec-warns-of-malware-targeting-sql-databases.html

Posted by: pursellthempailoved.blogspot.com

Share this post