Iran seems to have the misfortune of being the target of some of the world’s most sophisticated malware.
So sophisticated, in fact, that most observers assume that well-funded government agencies are behind the worms that stopped its centrifuges from spinning and stole sensitive information from its official institutions. And now, following the discovery of Stuxnet and Flame, a new piece of malware appears to have the Islamic Republic in its sights, according to Symantec.
W32.Narilam is said to attack SQL databases by looking for certain key words in Farsi, such as those for “current account”, financial bond” and “instalment loans,” according to a Symantec blog post. The security firm believes that the worm is meant to destroy, rather than collect information, and is presumably targeting the finance departments of corporations.