Thursday, January 27, 2022

Symantec Discovers Malware Targeting SQL Databases

Symantec is warning of a new kind of malware that seems to be altering corporate databases, particularly in the Middle East, although it's showing up elsewhere in the world too.

This new malware, dubbed “W32.Narilam” and first identified Nov. 15, follows a pattern similar to other worms: it copies itself onto infected machines, adds registry keys and propagates through removable drives and network shares. “What is unusual about this threat is the fact that it has the functionality to update a Microsoft SQL database if it is accessible by OLEDB.

The worm specifically targets SQL databases with three distinct names: alim, maliran, and shahd,” wrote Symantec security researcher Shunichi Imano in a blog post.

The overall infection rate is low at the moment, but those whose networks are not properly protected could see business disrupted, Imano said.

“Unless appropriate backups are in place, the affected database will be difficult to restore. The affected organization will likely suffer significant disruption and even financial loss while restoring the database. As the malware is aimed at sabotaging the affected database and does not make a copy of the original database first, those affected by this threat will have a long road to recovery ahead of them.”
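The quotes above name three target databases and tie recovery to having backups of them. As an added example (not from Symantec or the original post), this T-SQL query checks a Microsoft SQL Server instance for databases with those names and reports when each was last backed up; the 24-hour staleness threshold is an assumption to adjust to local policy.

```sql
-- Added example: inventory the database names the article lists and show
-- their backup recency. Run on each instance with permission to read msdb.
DECLARE @max_age_hours int = 24;  -- assumption: acceptable age of the last full backup

SELECT
    d.name                AS database_name,
    d.state_desc          AS state,
    d.recovery_model_desc AS recovery_model,
    -- backupset.type: 'D' = full database backup, 'L' = transaction log backup
    MAX(CASE WHEN b.type = 'D' THEN b.backup_finish_date END) AS last_full_backup,
    MAX(CASE WHEN b.type = 'L' THEN b.backup_finish_date END) AS last_log_backup,
    CASE
        WHEN MAX(CASE WHEN b.type = 'D' THEN b.backup_finish_date END) IS NULL
            THEN 'NO FULL BACKUP ON RECORD'
        WHEN DATEDIFF(HOUR,
                 MAX(CASE WHEN b.type = 'D' THEN b.backup_finish_date END),
                 GETDATE()) > @max_age_hours
            THEN 'FULL BACKUP STALE'
        ELSE 'OK'
    END                   AS backup_status
FROM sys.databases AS d
-- LEFT JOIN keeps databases that have no backup history at all
LEFT JOIN msdb.dbo.backupset AS b
       ON b.database_name COLLATE DATABASE_DEFAULT = d.name COLLATE DATABASE_DEFAULT
-- Names as given in the article; LOWER() covers case-sensitive collations
WHERE LOWER(d.name) IN ('alim', 'maliran', 'shahd')
GROUP BY d.name, d.state_desc, d.recovery_model_desc
ORDER BY d.name;
```

An empty result means no database with those names exists on the instance. The history in `msdb` only records that a backup ran here, so a restore test is still needed to confirm the backup is usable.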

About FastFlux

Owner of ZeroSecurity, interested in programming, malware analysis and penetration testing.
