Symantec uncovers malware that damages databases, disrupts business activity

W32.Narilam targeting enterprises in Middle East, U.S. and U.K.

Security firm Symantec is warning consumers about new malware called W32.Narilam that can damage corporate databases and disrupt business.

The malware targets ordering, accounting and customer management systems, explained Symantec security researcher Shunichi Imano in a blog post.

Most of the malware is currently found in the Middle East, but it has also been found in the United States and the U.K. A full 97.1 percent of victims are enterprises.

The malware "copies itself to the infected machine, adds registry keys, and spreads through removable drives and network shares," Imano explained.

W32.Narilam has the ability to update a Microsoft SQL database. It replaces certain items in the database with random values and deletes tables.

"Unless appropriate backups are in place, the affected database will be difficult to restore," Imano wrote.

"The affected organization will likely suffer significant disruption and even financial loss while restoring the database. As the malware is aimed at sabotaging the affected database and does not make a copy of the original database first, those affected by this threat will have a long road to recovery ahead of them," he added.

While new, W32.Narilam follows in a long line of malware designed to sabotage business activity, Imano noted. These include W32.Stuxnet, which was designed to disrupt industrial automation systems, as well as W32.Disstrack and W32.Flamer, which both wiped data and files from hard drives.

To mitigate the risks from this type of malware, enterprises should keep system software updated, enable security firewalls, enforce strong user security measures such as passwords, and develop a plan to respond to malware infections found on networks and in databases.

For more:
- see Imano's blog