Draggingtree Posted November 26, 2012 Share Posted November 26, 2012 Gizmodo New Money-Destroying Virus Attacks Iran Sam Biddle After the US and Israel cooked up Stuxnet—a potent cyber weapon aimed at Iran's nuclear facilities—whenever a virus targets Iran, it could be something major. This time around, the web threat wants to erase Iranian banks. The worm, which Symantec has dubbed W32.Narilam, started creeping through Iranian financial servers over the past several days: Just like many other worms that we have seen in the past, the threat copies itself to the infected machine, addsregistry keys, and spreads through removable drives and network shares. It is even written using Delphi, which is a language that is used to create a lot of other malware threats. All these aspects of this threat are normal enough, what is unusual about this threat is the fact that it has the functionality to update a Microsoft SQL database if it is accessible by OLEDB. The worm specifically targets SQL databases with three distinct names: alim, maliran, and shahd. The following are some of the object/table names that can be accessed by the threat: Link to comment Share on other sites More sharing options...
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now