New destructive malware 'Narilam' discovered targeting Iran
- Iran: Tuesday, November 27 - 2012 at 16:59
A new destructive piece of malware has been discovered this week in what appears to have been yet another cyber-attack on Iran.
However, Kaspersky has found more differences than similarities to previous high-profile attacks and believes Narilam to have been built with an entirely different programming tool.
Malware is typically used as part of a plot to make money or exists to spy on infected machines, whereas the new discovery only has 'destructive functionality', according to Stefan Tanase, Kaspersky's Senior Security Researcher.
"Once it infects the victim's machine it tries to connect to whatever databases it can find and will replace or delete tables, rows and columns," he tells AMEinfo.
Narilam has existed undetected for several years and is not an active threat; what has been discovered are the leftovers of a major attack, which serve as another indicator that there is much more going on than security researchers first thought.
"Unfortunately it's very hard to estimate the impact [of the malware] because the threat is over two years old. Right now there are not many detections; we've observed six instances in the past month," says Tanase.
"We can look at the dates of the files, which can be faked, but in my opinion nothing has been faked in this case. Most clues point to this being part of an active campaign in 2009 and 2010."
Despite the major distinctions in the nature of the malware, it appears Iran is yet again the primary target, with most of the detections occurring within the Islamic Republic, and some observed in Afghanistan.
"I have no idea who the exact target is but Iran is obviously the focus," says Tanase, who adds it is not just Kaspersky making that claim, but also all of their competitors.
There is a clear interest in targeting the Middle East for intelligence gathering, as we saw with Flame and Duqu, but this adds to the trend of destructive malware, which also affected major oil companies in the Gulf. Symantec's original report explains that the cyber threat targets databases related to corporations' ordering, accounting and customer management systems.
"What we're seeing right now is just the tip of the iceberg. These things can go unnoticed for a lot of time and I'm sure some attacks go on forever without it being realised. There are lots of eyes looking at this hot region - researchers are seeing the most sophisticated cyber-attacks here. It's very interesting," says Tanase.