Is Narilam Malware Something to Worry About?

By | Nov 28, 2012

A new malware arising in the Middle East targets and alters business databases. This is certainly the stuff of nightmares for an IT manager, but the specifics surrounding this piece of malware make it unlikely that it will ever harm businesses outside of the Mideast.

New Malware Threat

Security giant Symantec recently uncovered a new malware, or more specifically a worm, targeting businesses in the Middle East. As detailed in this PC Mag article, Symantec has named this the Narilam malware, or W32.Narilam.

The malware works in a similar manner to other network worms as it modifies the registry of infected computers and duplicates itself through removable drives and network sharing, as noted in this IT Pro article.

Narilam is designed to alter Microsoft SQL databases in a very specific manner. The malware looks for three specific database names, then looks for specific objects and tables within those databases. Once the malware has found its target, it either erases targeted objects or tablets or replaces the values with random numbers.

Symantec believes that the malware is between two and three years old, but the total number of infections over that time is relatively small. With just a handful of incidents in the past month, and now with its increased notoriety, Narilam doesn't appear to be much of a threat going forward.

The Potential for Harm

Because of the targeted nature of the Narilam malware, and its specific use against Middle Eastern business, some may be quick to compare it to earlier pieces of malware like Stuxnet, Gauss and Flame. While that's a reasonable comparison to make, security researchers have found no direct or indirect link between the various pieces of malware.

In fact, since Narilam appears to only target the specific databases used in the small business accounting software of a single unidentified Iranian company, the threat to the public is almost nonexistent. Still, that's not to say that IT managers at midsize businesses shouldn't be aware of the risks. Even if Narilam itself dies off, which it has probably already done, the concepts introduced by any well-known malware are likely to find their way into the marketplace eventually.

It is really the targeted nature of the malware that needs to be understood and addressed. Not too long ago, small and midsize businesses could rightfully consider themselves immune to targeted attacks and malware, as the size of the business didn't create enough of a reward to be worth the risk to the attacker. With cloud computing and powerful analytics allowing midsize businesses to harness unimaginable amounts of data, their data stores and lax security make them the perfect target for attackers.

Hopefully, the damage that a worm like Narilam can do will be enough to convince IT manager of the need for powerful, consistent security measures. While locking down systems is rarely possible or profitable, ensuring that employees understand the importance of proper security precautions can greatly diminish malware's ability to infect a system and spread out from there.

Between employee education and proper anti-malware software, the threat of destruction from malware is significantly diminished, but only if the right people remain vigilant.

This post was written as part of the IBM for Midsize Business program, which provides midsize businesses with the tools, expertise and solutions they need to become engines of a smarter planet. Like us on Facebook. Follow us on Twitter.

IBM Solution Security & Resiliency

IBM IT security expertise can help medium-sized businesses develop, implement and maintain comprehensive strategies to combat ever-evolving security threats without increasing complexity, cost, or resources required for administration.

Learn More »

More on This Topic

Three Security Concerns for 2016

By Allan Pratt on Dec 4, 2015
As we near the end of 2015, what will 2016 look like in the information security sector? Undoubtedly there be an increase in data breaches across all industries, but will businesses take the high road and inform their customers and ...