|
 |
|
Sality-AM
|
|
|
First Report:
|
2008-01-15 09:02
|
|
Last Update:
|
2008-05-16 05:36
|
|
|
Risk Rating:
|
Very Low Risk
|
|
|
Aliases:
|
In
PE_SALITY.M
Server
W32.Sality.AE
W32/Sality-AM
XP
|
|
|
|
Information From AntiVirus Vendors
|
|
|
|
|
Below you will find virus information from different antivirus vendors included in this Secunia Virus Profile. Information about the virus along with links to removal tools will be listed below when available.
The information provided is sorted by the date on which the information first became publicy available on the antivirus vendors' websites. The earliest available reports are displayed first. Please note timestamps are in GMT+1.
|
|
|
#1 - SOPHOS
|
| |
|
|
W32/Sality-AM
|
Severity:
1/5
|
File Size:
-
|
| |
|
|
Reported:
2008-01-15 09:02
|
Last Update:
2008-02-12 05:33
|
| |
Description:
W32/Sality-AM is a virus for the Windows platform.
|
| |
|
Full Report From Vendor
|
|
|
#2 - SOPHOS
|
| |
|
|
W32/Sality-AM
|
Severity:
2-red/5
|
File Size:
-
|
| |
|
|
Reported:
2008-04-19 02:18
|
Last Update:
2008-05-13 05:34
|
| |
Description:
|
| |
|
Full Report From Vendor
View/Hide ChangeLog
|
|
ChangeLog:
|
|
|
Changes are listed in chronological order with the latest changes first.
|
|
| |
|
|
2008-04-24 05:44
|
Description was changed.
New:
"2-red/5"
Old:
"1-red/5"
|
| |
|
|
2008-04-23 05:44
|
Description was changed.
New:
"1-red/5"
Old:
"2-red/5"
|
| |
|
|
2008-04-22 05:43
|
Description was changed.
New:
"2-red/5"
Old:
"1-red/5"
|
|
|
|
|
|
#3 - TREND MICRO
|
| |
|
|
PE_SALITY.M
|
Severity:
-
|
File Size:
-
|
| |
|
|
Reported:
2008-04-25 12:42
|
Last Update:
2008-05-16 05:36
|
| |
Description:
This file infector may be downloaded from remote sites by other malware.
It may be dropped by other malware.
It may be downloaded unknowingly by a user when visiting malicious Web sites.
It infects by appending its code to target host files.
It infects specific files.
It avoids folders with certain strings.
It drops a file, which is detected by Trend Micro as TROJ_AGENT.XOO.
It then executes the dropped file(s). As a result, malicious routines of the dropped files are exhibited on the affected system.
It terminates certain services if found on the system. It also deletes certain registry keys, most of which are related to antivirus and security applications. The said routine makes it difficult to remove this malware from the affected system.
It creates mutex(es) to ensure that only one instance of itself is running in memory.
It downloads files, which are detected by Trend Micro as TSPY_AGENT.AMEZ, from certain URLs. The downloaded files are executed on the affected machine, thus, routines of the downloaded files are also exhibited on the affected system.
|
| |
|
Full Report From Vendor
View/Hide ChangeLog
|
|
ChangeLog:
|
|
|
Changes are listed in chronological order with the latest changes first.
|
|
| |
|
|
2008-04-25 14:12
|
Description was changed.
New:
"This file infector may be downloaded from
remote sites by other malware.
It may be
dropped by other malware.
It may be
downloaded unknowingly by a user when
visiting malicious Web sites.
It infects
by appending its code to target host files.
It infects specific files.
It avoids folders
with certain strings.
It drops a file,
which is detected by Trend Micro as
TROJ_AGENT.XOO.
It then executes the dropped
file(s). As a result, malicious routines of
the dropped files are exhibited on the
affected system.
It terminates certain
services if found on the system. It also
deletes certain registry keys, most of which
are related to antivirus and security
applications. The said routine makes it
difficult to remove this malware from the
affected system.
It creates mutex(es) to
ensure that only one instance of itself is
running in memory.
It downloads files,
which are detected by Trend Micro as
TSPY_AGENT.AMEZ, from certain URLs. The
downloaded files are executed on the affected
machine, thus, routines of the downloaded
files are also exhibited on the affected
system."
Old:
"N/A"
|
|
|
|
|
|
Please note: The information that this Secunia Virus Profile is based on comes from a third party unless stated otherwise.
The grouping process is done completely automatically, therefore minor inconsistencies may occur. For more information about Secunia Virus Information, please read: About Virus Information.
|
|
|
|
|
Secunia PSI
Scan | Patch | Track
Free Download
|
|
|
Secunia Poll
|
|
|
|
|
 |
|
|
Most Popular Advisories
|
|
|
|
|
|
