Sality: Details and Precautions to Counter It

Sality is the name for a family of malware (malicious software). It affects Microsoft Windows operating systems such as Windows XP, Windows 7, and Windows 8. The virus includes an auto-run worm component that allows it to spread to any removable or discoverable drive, such as external hard drives or USB drives. In addition, Sality includes a downloader trojan that downloads and installs additional malware via the internet.

Sality targets Windows executable files with the extensions .SCR or .EXE. It may delete files with certain extensions and terminate security-related processes and services.

It may also communicate over a peer-to-peer (P2P) network to steal sensitive personal information such as documents, email IDs and passwords, and to install backdoor trojans and keyloggers.

How do you know you are affected by Sality?

As with any other malware, Sality first disables your antivirus software and prevents access to certain antivirus and security websites. Sality variants usually attempt to delete files related to antivirus updates, such as those with the following file extensions:
i. .AVC
ii. .KEY
iii. .VDB

Other indicators could be as follows:

1. Error booting into Safe Mode and deletion of security-related files

2. Increase in the file size of infected files (e.g. your simple text files may be measured in MB instead of KB)

3. Antivirus and firewall applications fail to function.

4. Windows Task Manager and Windows Registry Editor disabled/grayed out.

5. Unaccounted outgoing traffic from unidentified processes
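
The host-side indicators above can be checked with a read-only script. The PowerShell below is an added example, not part of the original post; its function names are hypothetical. It assumes that Task Manager and Registry Editor are disabled through the standard DisableTaskMgr and DisableRegistryTools policy values, that Safe Mode depends on the SafeBoot\Minimal and SafeBoot\Network registry keys, and that the auto-run component relies on autorun.inf on removable drives.

```powershell
# Added triage example, not from the original post. Read-only: it changes nothing.
# Registry values, subkeys and service names are standard Windows ones; that
# Sality is what altered them is an assumption, so a flag means "investigate".

function New-Finding([string]$Check, $Hits) {
    [pscustomobject]@{ Check = $Check; Flagged = [bool]$Hits; Detail = @($Hits) -join '; ' }
}

# Indicator 4: Task Manager / Registry Editor greyed out via policy values.
function Test-PolicyLock([string]$ValueName) {
    $hits = foreach ($hive in 'HKCU:', 'HKLM:') {
        $key = "$hive\Software\Microsoft\Windows\CurrentVersion\Policies\System"
        $val = (Get-ItemProperty -Path $key -Name $ValueName -ErrorAction SilentlyContinue).$ValueName
        if ($val -gt 0) { "$key\$ValueName=$val" }
    }
    New-Finding $ValueName $hits
}

# Indicator 1: Safe Mode fails to boot when these keys are gone.
function Test-SafeBootKeys {
    $base = 'HKLM:\SYSTEM\CurrentControlSet\Control\SafeBoot'
    $missing = foreach ($sub in 'Minimal', 'Network') {
        if (-not (Test-Path "$base\$sub")) { "$base\$sub missing" }
    }
    New-Finding 'SafeBootKeys' $missing
}

# Indicator 3: firewall and security services not running.
function Test-SecurityServices {
    $down = foreach ($name in 'MpsSvc', 'wscsvc') {   # Windows Firewall, Security Center
        $svc = Get-Service -Name $name -ErrorAction SilentlyContinue
        if (-not $svc) { "$name not found" }
        elseif ($svc.Status -ne 'Running') { "$name is $($svc.Status)" }
    }
    New-Finding 'SecurityServices' $down
}

# Spread vector: an autorun.inf at the root of a removable drive.
function Test-RemovableAutorun {
    $hits = foreach ($d in [System.IO.DriveInfo]::GetDrives()) {
        if ($d.DriveType -eq 'Removable' -and $d.IsReady) {
            $path = [System.IO.Path]::Combine($d.Name, 'autorun.inf')
            if (Test-Path -LiteralPath $path) { $path }
        }
    }
    New-Finding 'RemovableAutorunInf' $hits
}

@((Test-PolicyLock 'DisableTaskMgr'), (Test-PolicyLock 'DisableRegistryTools'),
  (Test-SafeBootKeys), (Test-SecurityServices), (Test-RemovableAutorun)) |
    Format-Table -AutoSize -Wrap
```

A flagged row is not proof of Sality: administrators can set the same policy values, and some vendors ship an autorun.inf on their drives.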

Countermeasures and removal tools:

Taking the following steps helps prevent infection by Sality and a host of other viruses, trojans and malware:

Enable a firewall on your computer.
Ensure the latest security updates are installed for your operating system.
Beware of phishing (read our post to know about phishing sites).
Always use original software.

For further information, read our blog post on tips to protect personal information online.

Removal Tools:

To clean Sality-infected systems, use any of the free cleanup tools below:

http://support.kaspersky.com/viruses/disinfection/1874#block1
http://security.symantec.com/nbrt/npe.aspx?lcid=1033
http://free.avg.com/in-en/remove-win32-sality
