Iranian authorities have played down the impact of the Narilam worm discovered sabotaging business databases within systems located in the Middle East.
The Maher cyber security centre said in a translated statement Narilam affected a limited number of products owned by an Iranian software company reported to be TarrahSystem.
"The Iranian national Cert announces that the initial investigations shows some misunderstanding about the recent malware," the translated statement read.
"This malware has no sign [that it is] a major threat, nor a sophisticated piece of computer malware. The sample is not wide spread and is only able to corrupt the database of some of the products by an Iranian software company."
Symantec researchers found instances of the Narilam worm modifying and deleting data stored in Microsoft SQL databases. It did not steal data.
Narilam primarily targeted Windows-based databases used by Iranian organisations for customer management and accounting. Instances of the worm were thought to have begun spreading since 2009.
Symantec principal security response manager Vikram Thakur told SC Narilam did not look like a creation of nation-state attackers.
"On a technical level, Narilam is very straightforward," Thakur said.
Narilam infections were thought to be in the hundreds and an even smaller number of cases have popped up in the US and Britain over the last couple of months.
Restoring assets was challenging given the malware's ability to sabotage systems. More than 97 percent of victims were business users, Symantec's said.
Kaspersky also confirmed the research.
"Considering compilation timestamps and early reports, Narilam is a rather old threat that was probably deployed during late 2009 and mid-2010," it wrote in a blog.
"Its purpose was to corrupt databases of three financial applications from [an Iranian company named] TarrahSystem, namely Maliran, Amin and Shahd. Several variants appear to have been created, but all of them have the same functionality and method of replication."
Over the past month, Kaspersky detected six cases of the threat.
.png&h=140&w=231&c=1&s=0)
.png&w=120&c=1&s=0)
EDUtech AU
.png&w=120&c=1&s=0)
Security Exhibition & Conference 2025
Integrate Expo 2025
Digital As Usual Cybersecurity Roadshow: Brisbane edition
iTnews Benchmark Security Awards 2025
.jpg&h=140&w=231&c=1&s=0)
.jpg&h=140&w=231&c=1&s=0)
