I've read about a piece of malware that primarily targets corporate users in order to modify and delete records...
By submitting your email address, you agree to receive emails regarding relevant topic offers from TechTarget and its partners. You can withdraw your consent at any time. Contact TechTarget at 275 Grove Street, Newton, MA.
on corporate SQL databases. Does this malware pose any risks beyond the cost incurred from having to restore systems? Are there specific defenses that can be used to protect databases?
Ask the Expert
Have questions about enterprise information security threats for expert Nick Lewis? Send them via email today! (All questions are anonymous.)
The W32.Narilam malware has functionality that allows it to update or delete MS-SQL databases. Narilam spreads copies of itself to the local system and mapped drives to enable it to auto-execute when someone logs into the system. For it to start infecting a network, it needs to either be included in other malware or someone must manually infect a system. The risk from this malware is low, and the damage is primarily in the time spent cleaning up an infected system. It doesn't contain functionality to capture data from the local system or from potential databases. It also only targets three very specific database names (alim, maliran and shahd), and the odds of having a database with the targeted name is fairly low. If an organization has a database this malware attacks, any data could be lost from the last backup depending on how the database and logs are architected. This could potentially be hours to days of data, if not more.
Along with standard enterprises security best practices including database backups, databases can be protected from Narilam by not allowing delete privileges and limiting updates for non-privileged users. To aid in recovery, organizations should have a business continuity or backup plan that covers a database outage. This could minimize the effect from this malware if a database is corrupted and needs to be restored from backups and transaction logs. Also, applications could be architected to limit the database permissions, only allowing minimal updates or data insertion as necessary.
Dig Deeper on Malware, Viruses, Trojans and Spyware
Related Q&A from Nick Lewis
Locky ransomware has borrowed features from Dridex malware, which focused on attacking banks. Expert Nick Lewis explains Locky's techniques and how ...continue reading
The Mazar malware can wipe an entire Android device once it has been installed. Expert Nick Lewis explains how this malware works, and how attacks ...continue reading
MouseJack, a wireless mouse and keyboard security flaw, allows attackers to type malicious commands. Expert Nick Lewis explains how enterprises can ...continue reading
Have a question for an expert?
Please add a title for your question
Get answers from a TechTarget expert on whatever's puzzling you.