Sality is a file-infecting virus that has been around for more than nine years. Sality has been ranked by Symantec as the number one malicious code family in 2010 by number of endpoint detections. It was apparently named after the Russian town of “Salavat City”, although the command and control servers are thought to be in the US, UK, and the Netherlands. It has been used to push spam, steal passwords, crack SIP accounts, and various other nasty things.
Sality is a family of viruses. Sality.aa is a popular polymorphic virus. Sality.aa was followed by a different version of Sality called Sality.ae. This version was built as an entry-point obscuring (EPO) polymorphic file infector, and it overwrites files with complex and encrypted code instructions. It creates a peer-to-peer (P2P) botnet and receives URLs of additional files to download.
--
Dr.B.M