General
Methods of propagation:
• Local network
• Mapped network drives
Aliases:
• Symantec: W32.Sality.AE
• McAfee: W32/Sality.gen
• Kaspersky: Virus.Win32.Sality.aa
• TrendMicro: PE_SALITY.JER
• F-Secure: Virus.Win32.Sality.aa
• Sophos: W32/Sality-AM
• Panda: W32/Sality.AK
• VirusBuster: Sality.AQ.Gen
• Bitdefender: Win32.Sality.OG
Platforms / OS:
• Windows 95
• Windows 98
• Windows 98 SE
• Windows NT
• Windows ME
• Windows 2000
• Windows XP
• Windows 2003
Side effects:
• Lowers security settings
• Registry modification
File infection Method:
This memory-resident infector remains active in memory.
70.000
• .EXE
Registry
The value of the following registry key is removed:
[HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot]
It creates the following entry in order to bypass the Windows XP firewall:
[HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
• "c:\\%filename%"="c:\\%filename%:*:Enabled:ipsec"
• "c:\windows\\system32\\ctfmon.exe"="c:\windows\\system32
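A defender-side check for the firewall entry described above, as an added example that is not part of the original description: it parses a .reg-style export of the AuthorizedApplications list and flags enabled exceptions whose rule name is "ipsec". The sample export, its paths and the function names are constructed for illustration.

```python
import re

# Constructed sample: .reg-style export of the AuthorizedApplications\List key.
# All paths and rule names below are placeholders, not values from the page.
SAMPLE_EXPORT = r'''
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"c:\\windows\\system32\\sessmgr.exe"="c:\\windows\\system32\\sessmgr.exe:*:enabled:Remote Assistance"
"c:\\sample\\dropped.exe"="c:\\sample\\dropped.exe:*:Enabled:ipsec"
"c:\\tools\\backup.exe"="c:\\tools\\backup.exe:LocalSubNet:Disabled:Backup agent"
'''

# "value name"="value data", with .reg escaping (\\ and \") inside the quotes.
ENTRY = re.compile(r'^"((?:[^"\\]|\\.)*)"="((?:[^"\\]|\\.)*)"$')
# Data layout: <path>:<scope>:<Enabled|Disabled>:<rule name>.
# The path itself contains a colon (drive letter), so anchor on the status field.
DATA = re.compile(r'^(.*):([^:]*):(enabled|disabled):(.*)$', re.IGNORECASE)


def unescape(text):
    """Undo .reg backslash escaping."""
    return re.sub(r'\\(.)', r'\1', text)


def parse_rules(export_text):
    """Return one dict per firewall exception found in the export."""
    rules = []
    for line in export_text.splitlines():
        entry = ENTRY.match(line.strip())
        if not entry:
            continue  # key header, blank line, or non-string value
        data = DATA.match(unescape(entry.group(2)))
        if not data:
            continue  # value does not follow the exception layout
        path, scope, status, name = data.groups()
        rules.append({"path": path, "scope": scope,
                      "enabled": status.lower() == "enabled", "name": name})
    return rules


def suspicious(rules):
    """Enabled exceptions carrying the rule name this infector registers."""
    return [r for r in rules if r["enabled"] and r["name"].lower() == "ipsec"]


if __name__ == "__main__":
    for rule in suspicious(parse_rules(SAMPLE_EXPORT)):
        print("review:", rule["path"], "scope", rule["scope"])
```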