New worm is designed to attack Iran financial institutions

By on November 26, 2012, 3:00 PM

Stuxnet garnered a ton of media attention when it managed to cripple Iran’s nuclear program but a new worm recently detailed by Symantec is attacking the country on a different and perhaps even more damaging level.

A new virus called Narilam started infiltrating the country’s banking systems during the past week. As outlined by the security company, the worm works much like any other in that it copies itself to infected machines, adds registry keys and can be spread via removable drives and over networks.

The code is written in Delphi, a common language used to produce malware. What’s not common about Narilam, however, is the fact that it can manipulate a Microsoft SQL database that is accessible by OLEDB. Symantec says it specifically goes after SQL databases that have one of three distinct names: alim, maliran or shahd.

Also unlike other malware, Narilam isn’t designed to spy on a user or their data. Instead, the code simply works itself into systems that deal with money and does its best to screw up data. As you can imagine, this is bad news for banks as it could potentially permanently destroy valuable financial records.

At this hour, it seems that the best defense against the worm is a good backup strategy that an institution could resort to in the event they become infected. Even still, Symantec says an infected database could be difficult to restore. Service disruption and permanent loss would both be expected as part of a successful attack.

There’s no word yet on who is responsible for creating the worm. For their part, Iran says the worm hasn’t been a serious concern as of yet. Granted, they probably wouldn’t admit it even if it was causing chaos in the financial sector.

User Comments: 9

Got something to say? Post a comment
2 people like this | Guest said:

Can't imagine this is a good thing. Wouldn't it just bugger thousands of individuals who happen to live in that country. Why would anyone see this as a good thing?

Guest said:

"There's no word yet on who is responsible for creating the worm."

Let me guess... I was Iran itself, so they can blame the poor ol' USA! Or North-Korea! Yeah, that's it! They were envious if the attention Iran got! They did Stux too, Israel had nothing to do with it!

/sarcasm off

TechGamer TechGamer said:

We have enough of world economic crysis we just need one of the most important sectors of oil marketers screwed up in this cyber war between these guys

1 person liked this |
Jesse Jesse said:

The name of the worm, Narilam, and the name of one of the SQL databases it targets, maliran, are a palindrome.

H3llion H3llion, TechSpot Paladin, said:

Play with fire long enough and you will get burned.

Tygerstrike said:

Oh im betting that Iran wouldnt admit if half the country was taken out by a meteorite. Iran has more enemies then just the USA. Its just funny that Iran wants to play chicken with nukes. Im guessing one of their CLOSE neihbors did this.

Archean Archean, TechSpot Paladin, said:

+1 H3

I think they are in a way leading them to retaliate in kind, so I wouldn't be surprised if this 'cyber war' start to hurt 'unsuspecting targets'.

misor misor said:

So skynet version jihad is now partially aware and would only attack iran business institutions?

I thought viruses/malwares will attack any system with click buttons, "download antivirus software here", and sometimes a drop by style of attack.

anyone please enlighten me.

because if that malware successfully attack iran, then by association, the malware will jump to syria, then to hezbollah, then to hamas, then to west bank, then to israel, then to the u.s.a.

and if wikileaks "clicks" the files of the u.s.a., the malware will jump to any system reading the leaks.

Zoltan Head said:

The name of the worm, Narilam, and the name of one of the SQL databases it targets, maliran, are a palindrome.

Did you know that a Palindrome is also tiny launchpad for the convenience of a former Republican nominee?

Load all comments...

Add New Comment

TechSpot Members
Login or sign up for free,
it takes about 30 seconds.
You may also...
Get complete access to the TechSpot community. Join thousands of technology enthusiasts that contribute and share knowledge in our forum. Get a private inbox, upload your own photo gallery and more.