Proactive IT security
 Home  News  Products & services  Virus & security  Support  Download  Partner  Purchase
Select country
Select product
Virus removal tool
Virus descriptions
Latest virus descriptions
Norman SandBox technology
List of detected viruses
Submit virus sample
Antivirus testfile
Virus warnings on your own web site
Security Information
Security News and Advisories
Security articles
 SHORTCUTS:
Mailing list subscriptions
My Norman Bookmarks
Virus & security » Virus descriptions » W32/Sality
W32/Sality
Add to My Norman Bookmarks
W32/Sality Destructivity: Medium Spreading: None Overall risk: Low
Detected by virus detection files published: 20 Jan 2005
Virus characteristics first published: 14 Dec. 2006
Virus characteristics latest update: 14 Dec. 2006
Type: Trojan, Virus
Spreading mechanism: File Infection, Network
Overall risk: Low
Payload: Attempts to steal information; download other malware; displays message; terminates security programs
Type Spreading mechanism Destructivity & payload Additional descriptions Detection & removal

This is a family of fileinfecting viruses with backdoor and keylogger capabilities. Some variants install a helper component in the Windows System folder. Names on this component vary by Sality variant:

SYSLIB32.DLL (All early versions)
OLEMDB32.DLL (Sality.M, version 3.03)
WMIMGR32.DLL (Sality.N, version 3.04)
VCMGRD32.DLL (Sality.P/Q, version 3.07)
VCMGCD32.DLL (Sality.R, version 3.09)
WDMFMC32.DLL (Sality.S, version 3.07)
...and others.

This DLL is then injected into running processes.


 
CURRENT VIRUS THREATS
Medium risk
24 Oct 07 Pidief.A
24 Jan 07 Tibs
25 Sep 06 Stration
18 Jan 06 Small.KI
12 Sep 05 Bagle.CS
17 Aug 05 Zotob.B
08 Jun 05 Mytob
17 Feb 05 MyDoom.AQ
26 Jul 04 MyDoom.L
25 Mar 04 Netsky.P
Low risk
05 Mar 07 Viking.GT
27 Jan 06 Feebs
16 Jan 05 MyDoom.AH
22 Apr 04 SDBot
30 Mar 04 Netsky.Q
Latest virus definition file published
>> 2008-05-16
Security Information
>> The Internet Crime Complaint Center's report for 2007
>> 2007
Security News and Advisories
>> Three critical updates for Microsoft systems in May 2008
>> Five critical updates for Microsoft systems in April 2008
Norman is one of the world’s leading companies within the field of data security. With products for antivirus (virus control), personal firewall, antispam, and encryption, the company plays an important role in the data industry.